clarkeyi

How many NAT incoming connections can a Cisco VPN 3015 concentrator receive simultaneously?

Hello

I have a specific question regarding the Cisco 3015 VPN concentrator.
I know it can handle 100 simultaneous incoming connections/tunnels. But I have been asked how many connections it could receive with one NATted IP address coming in to the concentrator. Does each NAT connection still count as 1 or would it be infinite?

I had an answer of approx 65000 earlier but I'm not sure if I worded the question correctly, which I have hopefully done now.

Thanks

Ian
Rich Rumble
Looks like 75 "clientless"

Cisco VPN 3015 Concentrator
The Cisco VPN 3015 Concentrator is designed for small- to medium-sized organizations with bandwidth requirements up to full-duplex T1/E1 (4 Mbps maximum performance), with support for up to 100 simultaneous IPSec sessions or 75 simultaneous clientless sessions. Like the Cisco VPN 3005, encryption processing is performed in software, but the Cisco VPN 3015 is also field-upgradable to the Cisco VPN 3030 and 3060 models.

From http://cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_data_sheet09186a00801d3b56.html
-rich
I think that would be for all clientless connections, not just one NAT'd address... Cisco can be a pain about these things... I'm sure if you had 76 users all behind a NAT, accessing the resource on the other end of your NAT if that would count... I think it would...
To clarify:

76 clients at company X connecting through the NAT'd IP of 1.2.3.4,
connecting to your concentrator NAT of 4.3.2.1 (which would map over to some server on your LAN like 10.1.1.1). Once the 76th person tried to connect they'd have reached the maximum.
It keeps track of what is passing in/out of the concentrator to the LAN, not how many IPs it sees coming in (which in this example would only be one IP).
-rich
neteducation

Theoretically there is a limit at about 65'000. However, the real limit is lower. You can't say an exact number; it's based on the load the different connections use.

Basically to answer your question: It does not make any difference if the clients are coming in through NAT or not, you still have the same limits as before.
clarkeyi

ASKER

I am a bit confused. So does this mean the limit is still 100 or nearer 65000?

Cheers
ASKER CERTIFIED SOLUTION
neteducation
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks for the advice. I will stick to 100 as the limit.

Thanks

Ian
Next question: how do I split the points for richrumble and neteducation?
Take one as the accepted answer and the other as "assist" (never done by myself, just seen several times here).
My experience is that you must not take actual figures from vendors seriously; you must test it to find out for yourself.

If you are about to make a decision for your business, the only way to be certain is to get it into your labs or go to Cisco labs and make them demonstrate it.

Once you start trying to prove it, you will find that the vendors start to release practical numbers during the tests for different scenarios.

Cisco have got better, but they do, like most, still put some spin on their figures.