Can anyone give me an idea of the maximum number of users you should realistically expect to be able to use on a an site to site IPSec VPN and Remote Desktop?

We have a client that has three remote sites; two sites have approximately 5/6 users, and the third site has a maximum of 18 users. All sites (including the main one) are on 2860/ 2862s. All are on 20 or 30 Mb leased lines.

The two smaller sites are generally OK, but the third site gets real problems.

We have another client with similar setup and numbers, but they use 3900s at both ends - no problems.

I'm just trying to see if the 2860s are man enough for the job, or whether we need to replace them with 3900s.

I found this on the Draytek Website , which says :-

Code:

"For remote teleworkers and inter-office links, Vigor2860n plus Combo WAN router provides up to 32 simultaneous VPN tunnels (such as IPSec/PPTP/L2TP protocols) for secure data exchange and communication. With a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. " and "After F/W 3.7.3, the Vigor2860 series allows up to 16 simultaneous incoming users."

... but it is talking about SSL Teleworkers at this point.

Given the (relatively) slow speed of the connected lines, I wouldn't expect throughput to overwhelm the 2860, but I suppose it could still run out of other resources (i.e. memory), if trying to keep track of a lot of users.

I'm sure there was some better information on the Draytek Website - but I can't find it now. I even had a poke around the WayBack Machine's archive...

One other factor is that the router at the busy branch has now restarted a couple of times.

At first I thought it was a power issue and so I plugged it into a UPS, but it happened again.

I spoke to SEG, who said that the router can restart if there's too much traffic:

"The router might be rebooting because it gets stuck with too much traffic coming through. If you make too many, the router will stop working and need a reboot.
I would suggest you limit the speed and check if that resolves your problems."

As you said, I get the feeling that their 32 simultaneous VPN tunnels might refer to individual "teleworkers", whereas we have 18 users at one site and approx six users at the other two sites.

I really think the 2860s just aren't up to the job for that number of users going down one VPN pipe (I've split a couple of users off to a separate router, line and VPN to see the comparison)