clarkeyi
asked on
How many NAT incoming connections can a Cisco VPN 3015 concentrator receive simultaneously?
Hello
I have a specific question regarding the Cisco 3015 VPN concentrator.
I know it can handle 100 simultaneous incoming connections\Tunnels. But I have been asked how many connections it could receive with one NATted IP address coming in to the concentrator? Does each NAT connection still count as 1 or would it be infinite?
I had an answer of approx 65000 earlier but not sure if I worded the question correctly, which I have hopefully done now.
Thanks
Ian
I think that would be for all clientless connections, not just one NAT'd address... Cisco can be a pain about these things... I'm sure if you had 76 users all behind a NAT, accessing the resource on the other end of your NAT if that would count... I think it would...
To clarify
76 clients at company X connecting through the NAT'd IP of 1.2.3.4
connecting to your concentrator NAT of 4.3.2.1 (which would map over to some server on your LAN like 10.1.1.1): once the 76th person tried to connect they'd have reached the maximum.
It keeps track with what is passing in/out of the concentrator to the LAN, not how many IPs it sees coming in (which in this example would only be one IP).
-rich
Theoretically there is a limit at about 65'000. However, the real limit is lower. You can't say an exact number; it's based on the load the different connections use.
Basically to answer your question: It does not make any difference if the clients are coming in through NAT or not, you still have the same limits as before.
ASKER
I am a bit confused. So does this mean the limit is still 100 or nearer 65000?
Cheers
ASKER
Thanks for the advice. I will stick to 100 as the limit.
Thanks
Ian
ASKER
Next question: how do I split the points for richrumble and neteducation?
Take one as the accepted answer and the other as "assist" (never done by myself, just seen several times here)
My experience is that you must not take actual figures from vendors seriously; you must test it to find out for yourself.
If you are about to make a decision for your business, the only way to be certain is to get it into your labs or go to Cisco labs and make them demonstrate it.
Once you start trying to prove it, you will find that the vendors start to release practical numbers during the tests for different scenarios.
Cisco have got better, but they do, like most, still put some spin on their figures.
Cisco VPN 3015 Concentrator
The Cisco VPN 3015 Concentrator is designed for small- to medium-sized organizations with bandwidth requirements up to full-duplex T1/E1 (4 Mbps maximum performance), with support for up to 100 simultaneous IPSec sessions or 75 simultaneous clientless sessions. Like the Cisco VPN 3005, encryption processing is performed in software, but the Cisco VPN 3015 is also field-upgradable to the Cisco VPN 3030 and 3060 models.
From http://cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_data_sheet09186a00801d3b56.html
-rich