Overview of setting up a work from home solution using Cisco Meraki

CN
Meraki Alumni (Retired)

Hi Community,

 

I hope that everyone is staying safe during these turbulent events. My name is Chase Nebeker. I'm a Senior Network Support Engineer here at Cisco Meraki. The goal of this post is to share some personal thoughts on how to set up a work from home solution using Cisco Meraki. There is already a lot of documentation out there for setting all of this up, but I just wanted to consolidate all of the different pieces of information together into one document.

 

Please let me know if you have any questions or feedback. Hopefully, we can help each other create a successful work from home so that we can all stay safe and socially distance appropriately. 

 

http://bit.ly/3di5u4a

I apologize for it just being a shared Google Doc. It was the best method I could come up with that would allow me to add more information. 

BlakeRichardson
Kind of a big deal

Awesome thanks for sharing!

LAMNEK
Meraki Employee

Very informational document. I much appreciate your contribution to our community.
NolanHerring
Kind of a big deal

"The MX sizing guide has some helpful guidelines on how many Client VPN connections that can be supported on each platform. The MX67/MX68 it’s recommended that only 50 Client VPN connections be active at a time. The MX450 is able to handle about 300 clients."

The sizing guide states 1500 for this, not 300. Not sure if that is a typo or not.

Nolan Herring | nolanwifi.com
BlakeRichardson
Kind of a big deal

Good point @NolanHerring. I think it's almost worth there being a banner on the Meraki.com page which lists VPN information in an easy to find place including sizing and setup guides / videos.

 

Many customers are scrambling to get remote access working. 

CptnCrnch
Kind of a big deal

Sizing is definitely something that can have an impact with today's situation:

Something that has been tested for "usual" road warriors sitting in airports, hotels etc. to read their emails or access internal systems is currently being replaced by dozens of people sitting in their (usually well equipped) inet circuits running a lot of video conferencing and things like that.

 

So in a nutshell I feel like being really conservative with sizing details is a good idea nowadays.

NolanHerring
Kind of a big deal

I figured it was supposed to say 3000, since it's the MX450 which is like what...tens of thousands of dollars after discount? 50 clients on an MX67 which is like 800 bucks, vs 300 clients on an MX450. Math don't add up lol. Sizing guide actually says it can handle 5000 max, and they recommend around 1500. If they recommended 3000 that would make more sense since it's just a little over half the max. That is conservative to me =P
Nolan Herring | nolanwifi.com
CN
Meraki Alumni (Retired)

With the MX450 I did lower it on purpose just with some real-world results that I've seen. For the MX67 I did not change from the sizing guide. I'll have to see if I can get some better numbers on these. 

Uberseehandel
Kind of a big deal

For those still going to work - TfL (London Transport) - is using leaky feeder technology to provide 4G coverage (all 4 major providers) on the underground. The pilot program is up and running on the Jubilee Line between Westminster and Canning Town, so usefully for commuters between Waterloo Railway Station and Canada Water.

 

How fast? 230 Mbps is a reality.

 

So I'm looking at wiring up some Lithium batteries, in series, and testing the Z3C whilst in the Underground tunnel. (aside how robust is the Z3C if the Amps are over spec?).

 

Let's hear it for leaky feeder tech!🤣

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
BlakeRichardson
Kind of a big deal

Good luck @Uberseehandel, I just hope the London Metro police don't think you're carrying some type of remote explosive!

Uberseehandel
Kind of a big deal

@BlakeRichardson 

I'm taking a Z3C on the Jubilee line - not a BOOM Box!!!! 🤣 😇 🤡 💃 🕺 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
CN
Meraki Alumni (Retired)

I made some updates to the doc: Added section on “Manual NAT traversal”, moved and renamed “Disable auto-joining SSID on the client device”, moved and renamed “Meraki AutoVPN”, added sub-section “Client VPN connection”, and added section “Troubleshooting resources.”

DarrenOC
Kind of a big deal

Good concise document with some good ideas. Worth mentioning integration with Umbrella to tighten security? Final question... when's AnyConnect support coming for the MXs?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
CN
Meraki Alumni (Retired)

A couple of days ago we made some tweaks to the layout of the Client VPN page. Most of these changes are straightforward, just helping provide guidance on the different options that are available. Also some FAQs of what might be going wrong. 

 

One thing that is really new is on the Network-wide > Clients page. I didn't realize it until someone pointed it out to me, so I thought I'd share. You can now filter for Client VPN connections. 

 


NolanHerring
Kind of a big deal


@CN wrote:

A couple of days ago we made some tweaks to the layout of the Client VPN page. Most of these changes are straightforward, just helping provide guidance on the different options that are available. Also some FAQs of what might be going wrong. 

 

One thing that is really new is on the Network-wide > Clients page. I didn't realize it until someone pointed it out to me, so I thought I'd share. You can now filter for Client VPN connections. 

 

Thanks @CN - there have been at least 3 or 4 posts in the last several days specifically asking for better options on viewing Client VPN connections, due to the boom in people working from home etc. Not sure if what you guys have updated helps yet but I think one of the issues was being able to easily 'see' failed client connections, whereas now I think they have to dig through syslog.

Nolan Herring | nolanwifi.com
GIdenJoe
Kind of a big deal

Heh, I didn't realize the is:client-vpn option was new.

I recently got the question from a customer to check out the load on the MX due to the amount of VPNs.
So I prepared the solution by trying it out myself.

So I started with selecting only MX clients (so I saw all up and downstream traffic of the MX for the selected time period of 2 hours).
Then I filtered using the new is:client-vpn and found that the usage had a "matches up and down Mbps" area, so with the graphic I now had a view of the last 2 hours of the traffic used by all VPN users. Cool..

I have been getting a lot of questions about the split tunnel, so this morning I looked at the Microsoft documentation and found the easiest fix is actually adding the VPN connection in PowerShell using the AddVpnConnection command with the -SplitTunnel option and then adding another command AddVpnConnectionRoute which adds a static route to the specific subnet to reach. And voila, problem solved.
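
The split-tunnel setup described in the post above, as an added example that is not part of the original post or Meraki's own documentation; the Windows cmdlets are `Add-VpnConnection` (with the `-SplitTunneling` switch) and `Add-VpnConnectionRoute`. The connection name, server address and subnets are constructed placeholders, and L2TP with a pre-shared key and PAP is an assumption about how the gateway's client VPN is configured.

```powershell
# Added example: all values below are constructed placeholders.
$Name    = 'Corp-ClientVPN'                     # hypothetical connection name
$Server  = 'vpn.example.com'                    # hypothetical MX hostname or public IP
$Subnets = '10.10.0.0/16', '192.168.50.0/24'    # constructed internal prefixes

# Prompt for the pre-shared key so it does not end up in the script or in
# shell history.
$secure = Read-Host -Prompt 'L2TP pre-shared key' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

# Create the connection only if it is missing. L2TP with PSK and PAP is an
# assumption about the gateway's client VPN settings; adjust to match yours.
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $Server `
        -TunnelType L2tp -L2tpPsk $psk -AuthenticationMethod Pap `
        -SplitTunneling -Force
}

# With split tunneling on, only these prefixes are routed into the tunnel.
# Skip prefixes that are already attached so the script can be re-run.
$existing = @((Get-VpnConnection -Name $Name).Routes.DestinationPrefix)
foreach ($prefix in $Subnets) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $prefix
    }
}

# Verify what was configured: the split tunneling state and the routes that
# will be installed when the tunnel comes up.
Get-VpnConnection -Name $Name |
    Select-Object Name, ServerAddress, SplitTunneling,
        @{ Name = 'Routes'; Expression = { $_.Routes.DestinationPrefix -join ', ' } }
```

With split tunneling enabled, traffic to any destination outside the listed prefixes leaves through the client's local internet connection and is not seen by the MX, so the prefix list is what decides which traffic the gateway can filter and log.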

CN
Meraki Alumni (Retired)

A colleague of mine, @Joan_P, just made a community post with some YouTube videos that he made about troubleshooting VPN. They include some great walkthroughs on how to troubleshoot VPN issues. I would highly encourage everyone to subscribe to his channel as he has some really great content.
