Learn how to a build a cloud-first strategyRegister Now


Max. Concurrent IPSEC / VPN Tunnels

Posted on 2012-09-13
Medium Priority
Last Modified: 2012-09-21

I am looking for a Access Solution working with up to 2.500 concurrent IPSEC VPN (or SSL VPN) Tunnels.

I know the Astaro/Sophos boxes very well,  but is this possible with an Astaro Box?
Maybe the best choice with Astaro/Sophos is to use the software version (unlimited licence) and 1(2) nice small 1he server boxes with good nics (which one?). Or does ist work with one of the UTM Appliances? I saw different numbers regarding the max. concurrent users e.g. on the UTM 525. Besides, there will be low traffic for each IPSEC VPN connection.

How can i calculate the hardware specs for 2500 concurrent conections (RAM/CPU/...)?

Any comment is appreciated!

Question by:xFester
  • 3
  • 2

Expert Comment

ID: 38395560
have you got enough local IP's to give out for these 2,500 VPN users?

Author Comment

ID: 38395611
IPs are no Problem...

Expert Comment

ID: 38395666
hardone without actually doing real tests, depending on encryption strength, connection speeds and other characteristics. I would recommend to build your server on an "upgradable" platform; you may start low spec and take it from there.............

Accepted Solution

xFester earned 0 total points
ID: 38396656
Yes, but Astaro is e.g. Linux based. Did some more research, i think they are using StrongSwan and found:

The IKEv2 daemon is inherently multi-threaded (16 threads by default). It has been shown that up to 20,000 concurrent IPsec tunnels can be handled on industry-grade VPN gateways.



> where we emulated the initial setup, rekeying and reauthentication of
> 1000 concurrent IPsec connections using virtual hosts on a single
> 2.2 GHz Intel Core2 Duo notebook computer. At a rate of 5-6 connections
> per second it takes about three minutes to establish the 1000 VPN
> tunnels. How much less would it take on accelerated hardware???

So it should be possible with a modern server system...

Author Closing Comment

ID: 38421072
best answer....

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month21 days, 7 hours left to enroll

804 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question