Hello,
According to datasheets of ASR1001X and ISR3945-E maximum supported IPSec tunnels (site-to-ste) is 4000. Real-life example which we face shows, that ASR has a problem with 1500 tunnels (memory leaks, reboots, tunnel hangs, etc, the most recent IOSXE), however ISR is doing quite fine. My question is, will ISR handle those 4000 tunnels or it will have the same issues when we already reach 2000? Does anoyone have experience with large number of tunnels (ex. remote ATMs)? Which device do you use to terminate them? There is no issue with performance, as tunnels carry maybe small amount or traffic, but there is thousands of them. What are your recommendations? Stick with ISR? Do it with ASA? Maybe ISR4K, but it's relatively fresh box, and we need verified, stable solution.
Best regards,
Krzysztof