How many DMVPN ISAKMP connections can a Cisco 2811 have?
Hi everyone,
I have a problem with a Dynamic Multipoint VPN on a Cisco 2811 router. I would like to rule out that the router cannot support more than 100 ISAKMP SA connections, because beyond 100 connections some of the tunnels cannot come up.
When I disconnect one of the tunnels, another that was down comes up.
Another thing I can see is that the conn_id, when I do a show crypto isakmp sa, goes from 1000 to 1099, but no number above 1099 appears.
Are there any limitations on the number of ISAKMP connections on a Cisco 2811?
The Cisco IPsec and SSL VPN AIM supports up to 800 tunnels on the Cisco 1841, up to 1500 tunnels on the Cisco 2800 Series, and up to 2000 tunnels on the Cisco 3800 Series. The Maximum Tunnel Scalability test is done with no data passing over the tunnels to only determine maximum number. For site-to-site design, Cisco recommends you consult with your Cisco account team or a Cisco authorized reseller and also review the Cisco DMVPN Design Guide at: http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf
With the software crypto engine there indeed is a 100 IKE SA limit, and it is the same for the HW crypto engine on the 2811. There is a 200-tunnel limit in the documentation, which doesn't refer to the number of IKE SAs; it means the number of IPSec flows (of which you have two for each tunnel).
To have more VPN connections you will have to obtain a VPN accelerator module for the router.
So, at this point I would recommend you check with your Cisco account team or a Cisco authorized reseller.
Mark this question as answered if you do not have any further questions.
Thanks for your time and I apologize for any inconvenience.
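The symptom in the question (conn_id values stopping at 1099 while further tunnels stay down) can be checked from captured show crypto isakmp sa output. The following Python script is an added example, not part of the original thread and not Cisco code; the sample output is constructed, and the column layout (dst, src, state, conn-id, status) and the default limit of 100 taken from the answer above are assumptions to adjust for your platform.

```python
import re

# Assumption: the 100 IKE SA limit stated in the answer above for the 2811.
IKE_SA_LIMIT = 100

# Constructed sample of `show crypto isakmp sa` output (documentation addresses).
SAMPLE = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
192.0.2.1       198.51.100.10   QM_IDLE           1000 ACTIVE
192.0.2.1       198.51.100.11   QM_IDLE           1001 ACTIVE
192.0.2.1       198.51.100.12   MM_NO_STATE          0 ACTIVE (deleted)
192.0.2.1       198.51.100.13   MM_KEY_EXCH       1099 ACTIVE
"""

# One SA row: two IPv4 addresses, a state token, a numeric conn-id, then status.
ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+)\s+(.*)$")

def parse_isakmp_sa(text):
    """Return one dict per SA row; header and blank lines are skipped."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            dst, src, state, conn_id, status = m.groups()
            sas.append({"dst": dst, "src": src, "state": state,
                        "conn_id": int(conn_id), "status": status.strip()})
    return sas

def summarize(sas, limit=IKE_SA_LIMIT):
    """Count established SAs and report whether conn-id slots are exhausted."""
    established = [s for s in sas
                   if s["state"] == "QM_IDLE" and "deleted" not in s["status"]]
    pending = [(s["src"], s["state"]) for s in sas if s["state"] != "QM_IDLE"]
    ids = [s["conn_id"] for s in sas if s["conn_id"] > 0]  # 0 = no slot assigned
    return {
        "total": len(sas),
        "established": len(established),
        "pending": pending,
        "conn_id_range": (min(ids), max(ids)) if ids else None,
        "at_limit": len(ids) >= limit,
    }

if __name__ == "__main__":
    print(summarize(parse_isakmp_sa(SAMPLE)))
```
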