Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How many dmvpn isakmp connections could have on cisco 2811?

Hi to eveyone,

I have a problem with a Dynamic Multipoint VPN with a router cisco 2811. I would discard that the router couldn't support more than 100 isakmp sa connections, because over the 100 connections some of the tunnels cannot became up.

When disconnect one of the tunnel, the other that was down became up.

Another thing that could see is that the conn_id when i do a show crypto isakmp sa goes from 1000 to 1099, but it no appear any other number above the 1099.

It exist some limitations in the number of isakmp connections on cisco 2811?



Re: How many dmvpn isakmp connections could have on cisco 2811?

Hi Albert,

Please check this out:


Maximum Number of IPSec Encrypted Tunnels

The Cisco IPsec and SSL VPN AIM supports up to 800 tunnels on the Cisco 1841, up to 1500 tunnels on the Cisco 2800 Series, and up to 2000 tunnels on the Cisco 3800 Series. The Maximum Tunnel Scalability test is done with no data passing over the tunnels to only determine maximum number. For site-to-site design, Cisco recommends you consult with your Cisco account team or a Cisco authorized reseller and also review the Cisco DMVPN Design Guide at:

With the software crypto engine there indeed is a 100 IKE SA limit and it is the same for the HW crypto engine on the 2811. There is 200 tunnel limit in the documentation, which  doesn't refer to the number of IKE SAs but it means the number of IPSec flows (from which you have two for each tunnel).

To have more VPN connections you will have to obtain a VPN accelerator module for the router.

So, at this point I would recommend you check with your Cisco account team or a Cisco authorized reseller.

Mark this question as answered if you do not have any further questions.

Thanks for your time and I apologize for any inconvenience.

Please rate this post if you find it helpful.

CreatePlease login to create content