Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
962
Views
0
Helpful
1
Replies

Number of IPSec tunnels on ASR and ISR

Krzysztof Zaleski
Level 1
Level 1

‎09-08-2015 02:16 AM - edited ‎02-21-2020 08:27 PM

Hello,

According to datasheets of ASR1001X and ISR3945-E maximum supported IPSec tunnels (site-to-ste) is 4000. Real-life example which we face shows, that ASR has a problem with 1500 tunnels (memory leaks, reboots, tunnel hangs, etc, the most recent IOSXE), however ISR is doing quite fine. My question is, will ISR handle those 4000 tunnels or it will have the same issues when we already reach 2000? Does anoyone have experience with large number of tunnels (ex. remote ATMs)? Which device do you use to terminate them? There is no issue with performance, as tunnels carry maybe small amount or traffic, but there is thousands of them. What are your recommendations? Stick with ISR? Do it with ASA? Maybe ISR4K, but it's relatively fresh box, and we need verified, stable solution.

Best regards,

Krzysztof

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Samir Aliyev
Level 1
Level 1

‎03-05-2021 02:20 AM

Salam Krzysztof,
You are talking about huge amount and it seems quite serious. I think it would be better if you request officially to Cisco vendor itself or their high-level partners/distributors and obtain official confirmation.

 

Best Regards,

Samir Aliyev

0 Helpful
Customers Also Viewed These Support Documents