VPN limitation

Solved
Tazio4436
Here to help

VPN limitation

Hi,

We are using MX 100 in most of our site and we are using site to site VPN.

Our subnet is /21.

I know that the limitation for concurrent VPN is 250. I just wanted to know if for any reason we are exceeding 250 let's say we go to 251 will it drop one of the first connections or it will not even allow to build the 251st one.

Can /21 kill the MX100?

 

Thanks and regards

Tazio

1 Accepted Solution
cmr
Kind of a big deal
Kind of a big deal

@Tazio4436 that message is just warning you that you might end up with more tunnels than the MX can handle.  It won't automatically fail, but Meraki are suggesting you use a smaller address pool to limit the number of client VPN users.

 

It will allow you to save, but keep an eye on the number of clients and respective load on the MX.

If my answer solves your problem please click Accept as Solution so others can benefit from it.

View solution in original post

5 Replies 5
BrechtSchamp
Kind of a big deal

There is no hard limit to the number of tunnels it will build. The numbers are based on lab testing and are recommendations. Actual performance will vary per situation.

 

In a similar way there is a recommendation for no more than 500 clients behind an MX100. /21 could have 2000+ clients so it might suffer, yes. It might also just work, it all depends on what they're doing.

 

Note that It will display a warning if you use the DHCP server functionality and a subnet larger than /19 and it will do so each time you "Save settings":

warning_DHCP_size.PNG

Confirming that means that you'll effectively use the larger subnet, but the DHCP server will probably only hand out addresses from a smaller /19 pool. No issues with that apart from the fact that you'll likely have a large part of your subnet unused.

Tazio4436
Here to help

Thank you very much .

 

Regards

Abhi

Tazio4436
Here to help

Please see the error message I am getting.

Tazio4436_0-1598622395844.png

Thanks

Tazio

 

cmr
Kind of a big deal
Kind of a big deal

@Tazio4436 that message is just warning you that you might end up with more tunnels than the MX can handle.  It won't automatically fail, but Meraki are suggesting you use a smaller address pool to limit the number of client VPN users.

 

It will allow you to save, but keep an eye on the number of clients and respective load on the MX.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Tazio4436
Here to help

It works like a charm.

Thank you very much for help and support.

 

Tazio

Get notified when there are additional replies to this discussion.