This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Full Mesh IPSec VPN using ASG 7

Hi,
I want to use ASG V7 to build a full mesh IPSec VPN over a MPLS network consist of 40 point.
I am worried about number of tunnel required to build this VPNs seems to be something like n(n-1)/2 (780 tunnel) and its impact on the UTM performance.
Is there any experience or similar implementation?

Regards,

This thread was automatically locked due to age.

0 drees over 17 years ago

I haven't actually tried it even with a much smaller number of nodes. The largest number of VPNs I have defined on a single machine is about a dozen.

Do you plan on using the mesh to achieve redundant routing across the VPNs? If so, I'm curious as to how you're planning to achieve this. Or do you simply wish each node to be able to connect to each of the other 40 nodes?

I would expect that the largest performance hit for that number of VPNs would be the initial setup and establishing connections of those connections. Once they are up, resource utilization should be fairly minimal.

I know that way back in 2000 people were using Linux to handle hundreds of IPsec connections without much drama, certainly on modern hardware a thousand shouldn't be a big deal.
Cancel
Vote Up 0 Vote Down

Cancel