Max. Concurrent IPSEC / VPN Tunnels

Posted on 2012-09-13
Last Modified: 2012-09-21

I am looking for a Access Solution working with up to 2.500 concurrent IPSEC VPN (or SSL VPN) Tunnels.

I know the Astaro/Sophos boxes very well,  but is this possible with an Astaro Box?
Maybe the best choice with Astaro/Sophos is to use the software version (unlimited licence) and 1(2) nice small 1he server boxes with good nics (which one?). Or does ist work with one of the UTM Appliances? I saw different numbers regarding the max. concurrent users e.g. on the UTM 525. Besides, there will be low traffic for each IPSEC VPN connection.

How can i calculate the hardware specs for 2500 concurrent conections (RAM/CPU/...)?

Any comment is appreciated!

Question by:xFester
    LVL 6

    Expert Comment

    have you got enough local IP's to give out for these 2,500 VPN users?

    Author Comment

    IPs are no Problem...
    LVL 6

    Expert Comment

    hardone without actually doing real tests, depending on encryption strength, connection speeds and other characteristics. I would recommend to build your server on an "upgradable" platform; you may start low spec and take it from there.............

    Accepted Solution

    Yes, but Astaro is e.g. Linux based. Did some more research, i think they are using StrongSwan and found:

    The IKEv2 daemon is inherently multi-threaded (16 threads by default). It has been shown that up to 20,000 concurrent IPsec tunnels can be handled on industry-grade VPN gateways.


    > where we emulated the initial setup, rekeying and reauthentication of
    > 1000 concurrent IPsec connections using virtual hosts on a single
    > 2.2 GHz Intel Core2 Duo notebook computer. At a rate of 5-6 connections
    > per second it takes about three minutes to establish the 1000 VPN
    > tunnels. How much less would it take on accelerated hardware???

    So it should be possible with a modern server system...

    Author Closing Comment

    best answer....

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Suggested Solutions

    We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
    To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now