How many VPN tunnel on Router 1841 and 2821?

rechard_david · ‎09-01-2009

Dear All,

Anybody did u know Cisco Router 1841 and 2821 how many VPN tunnel ? As i knew that on ASA 5505 it had 10 tunnel VPN and ASA 5510 it had 250 tunnel VPN but i don't know the router ?

Could you let me know about the router?

If depend on IOS how can i know which IOS how tunnel support IOS?

Best Regards,

Rechard

Peter Paluch · ‎09-01-2009

Hello Rechard,

According to the datasheets, the 1841 can support up to 800 VPN tunnels with an AIM VPN module, and the 2821 can support up to 1500 tunnels with an AIM VPN module. However, these numbers are maximal numbers and they were determined without having the data actually passing through the VPN, only creating the tunnels so the real number of tunnels with which the router still gives reasonable performance might and will be lower.

The AIM I am talking about is a module that offloads the crypto work from the main processor or the onboard encryption engine. Its datasheet can be found here:

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/data_sheet_vpn_aim_for_18128003800routers_ps5853_Products_Data_Sheet.html

Also consider the encryption throughput of the AIM indicated in the datasheet and take into account that it will be shared among all tunnels. Regarding IOS version, the IPsec VPNs are available in Advanced Security and higher feature sets.

Even without this module, the 1841 and 2821 routers should support a number of tunnels at least in order of tens. However, I do not have any performance data. According to the AIM datasheet, however, the performance of the onboard crypto engine on these platforms can be up to 40% lower than the performance of the AIM.

Best regards,

Peter

rechard_david · ‎09-01-2009

Dear Peter,

Thank you for your information !!!

i not clear some points, could you let me know:

1- if i buy AIM module, How can i install it into router 1841 and 2821? ( The module AIM we install into slot (Hwic) right? if not, how can ?

2-on Router 2821 with advance security IOS can it support 50 VPN tunnels (without AIM module)?

Best Regards,

Rechard

Peter Paluch · ‎09-02-2009

Hello,

According to the datasheet, there are slightly different versions of AIM modules for different router series - the AIM-VPN/SSL-1 is intended for 1841 series while the AIM-VPN/SSL-2 is intended for 2800 series including the 2821. The AIM module is plugged in a special socket inside the router (removing of router cover is necessary). It does not go into NM/WIC/HWIC slots.

While I think that the 2821 will support 50 VPN tunnels without AIM module, I cannot say what will be the VPN throughput. My rough estimation is that if the AIM increases the efficiency by 40% and according to the datasheet it is able to provide an encryption speed of 30 Mbps for IPsec IMIX traffic, then the router without AIM should be expected to provide about 21 Mbps of encryption. This will be shared among 50 tunnels so if each tunnel is fully loaded, the throughput for a single tunnel will be about 419 kbps. Somebody correct me here - I do not have first-hand experiences with that. Of course, the real encryption throughput largely depends also on the individual traffic so these are indeed only very rough numbers.

Best regards,

Peter