DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
IPSec performance
- conival
- Topic Author
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 0
23 Aug 2018 15:21 #92678
by conival
IPSec performance was created by conival
Can anyone give me an idea of the maximum number of users you should realistically expect to be able to use on a an site to site IPSec VPN and Remote Desktop?
We have a client that has three remote sites; two sites have approximately 5/6 users, and the third site has a maximum of 18 users. All sites (including the main one) are on 2860/ 2862s. All are on 20 or 30 Mb leased lines.
The two smaller sites are generally OK, but the third site gets real problems.
We have another client with similar setup and numbers, but they use 3900s at both ends - no problems.
I'm just trying to see if the 2860s are man enough for the job, or whether we need to replace them with 3900s.
We have a client that has three remote sites; two sites have approximately 5/6 users, and the third site has a maximum of 18 users. All sites (including the main one) are on 2860/ 2862s. All are on 20 or 30 Mb leased lines.
The two smaller sites are generally OK, but the third site gets real problems.
We have another client with similar setup and numbers, but they use 3900s at both ends - no problems.
I'm just trying to see if the 2860s are man enough for the job, or whether we need to replace them with 3900s.
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
23 Aug 2018 16:36 #92680
by hornbyp
Replied by hornbyp on topic Re: IPSec performance
I found this on
the Draytek Website
, which says :-
... but it is talking about SSL Teleworkers at this point.
Given the (relatively) slow speed of the connected lines, I wouldn't expect throughput to overwhelm the 2860, but I suppose it could still run out of other resources (i.e. memory), if trying to keep track of a lot of users.
I'm sure there was some better information on the Draytek Website - but I can't find it now. I even had a poke around the WayBack Machine's archive...
Code:
"For remote teleworkers and inter-office links, Vigor2860n plus Combo WAN router provides up to 32 simultaneous VPN tunnels (such as IPSec/PPTP/L2TP
protocols) for secure data exchange and communication. With a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key
hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. "
and
"After F/W 3.7.3, the Vigor2860 series allows up to 16 simultaneous incoming users."
... but it is talking about SSL Teleworkers at this point.
Given the (relatively) slow speed of the connected lines, I wouldn't expect throughput to overwhelm the 2860, but I suppose it could still run out of other resources (i.e. memory), if trying to keep track of a lot of users.
I'm sure there was some better information on the Draytek Website - but I can't find it now. I even had a poke around the WayBack Machine's archive...
Please Log in or Create an account to join the conversation.
- conival
- Topic Author
- Offline
- New Member
Less
More
- Posts: 5
- Thank you received: 0
24 Aug 2018 11:39 #92682
by conival
Replied by conival on topic Re: IPSec performance
One other factor is that the router at the busy branch has now restarted a couple of times.
At first I thought it was a power issue and so I plugged it into a UPS, but it happened again.
I spoke to SEG, who said that the router can restart if there's too much traffic:
"The router might be rebooting because it gets stuck with too much traffic coming through. If you make too many, the router will stop working and need a reboot.
I would suggest you limit the speed and check if that resolves your problems."
As you said, I get the feeling that their 32 simultaneous VPN tunnels might refer to individual "teleworkers", whereas we have 18 users at one site and approx six users at the other two sites.
I really think the 2860s just aren't up to the job for that number of users going down one VPN pipe (I've split a couple of users off to a separate router, line and VPN to see the comparison)
At first I thought it was a power issue and so I plugged it into a UPS, but it happened again.
I spoke to SEG, who said that the router can restart if there's too much traffic:
"The router might be rebooting because it gets stuck with too much traffic coming through. If you make too many, the router will stop working and need a reboot.
I would suggest you limit the speed and check if that resolves your problems."
As you said, I get the feeling that their 32 simultaneous VPN tunnels might refer to individual "teleworkers", whereas we have 18 users at one site and approx six users at the other two sites.
I really think the 2860s just aren't up to the job for that number of users going down one VPN pipe (I've split a couple of users off to a separate router, line and VPN to see the comparison)
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek