- Up to 2500 VPN tunnels
I had a 3845 router with around 700 VPN tunnels, but the router was not able to manage the tunnels and they were flapping non-stop! I looked for a long time for the source of the problem, until I decided to reduce the number of tunnels in batches of 20 tunnels. I got stability when I reached a specific number of tunnels on the router.
So what was the problem? In my crypto ACL, I had 4 statements. According to Cisco (this is mentioned and written nowhere), each statement which creates an SA is considered a VPN tunnel! So if I have 5 ISAKMP tunnels, I am using 20 VPN tunnels, per Cisco.
Result: When you see "up to 2500 VPN Tunnels" in the specification of a router, it isn't the actual limit on the number of ISAKMP tunnels, but the limit on SAs.
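A capacity check based on the counting rule above, as an added example that is not part of the original post: it reads an IOS-style configuration, counts the permit entries in the crypto ACL behind each crypto map entry, and compares the total with the data-sheet figure. The function names and the sample configuration are constructed for illustration, and the parser assumes the common `crypto map ... ipsec-isakmp` / `match address` layout.

```python
import re
from collections import Counter

def build_sample(peers=5, entries=4):
    """Constructed sample config: one crypto map entry and one ACL per peer."""
    lines = []
    for p in range(1, peers + 1):
        lines += [f"crypto map VPN {p * 10} ipsec-isakmp",
                  f" set peer 192.0.2.{p}",
                  f" match address SITE-{p}"]
    for p in range(1, peers + 1):
        lines.append(f"ip access-list extended SITE-{p}")
        lines += [f" permit ip 10.0.{e}.0 0.0.0.255 10.{p}.{e}.0 0.0.0.255"
                  for e in range(entries)]
    return "\n".join(lines)

def count_tunnels(config):
    """Return (ISAKMP peers, tunnels as counted against the platform limit)."""
    permits, acl_of = Counter(), {}
    acl = cmap = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # top-level line: new context
            acl = cmap = None
            if m := re.match(r"ip access-list extended (\S+)", line):
                acl = m.group(1)
            elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
                cmap = (m.group(1), int(m.group(2)))
            elif m := re.match(r"access-list (\d+) permit\b", line):
                permits[m.group(1)] += 1       # numbered ACL entry
        elif acl and re.match(r"(\d+ )?permit\b", line):
            permits[acl] += 1                  # named ACL entry; deny lines are skipped
        elif cmap and (m := re.match(r"match address (\S+)", line)):
            acl_of[cmap] = m.group(1)
    per_entry = {k: permits[a] for k, a in acl_of.items()}
    return len(per_entry), sum(per_entry.values())

def over_limit(config, limit=2500):
    """True when the counted tunnels exceed the data-sheet figure."""
    return count_tunnels(config)[1] > limit

if __name__ == "__main__":
    peers, tunnels = count_tunnels(build_sample())
    print(f"{peers} ISAKMP peers consume {tunnels} tunnels of the stated limit")
```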
Nice article. Thanks for sharing such a nice post.