Recommended client devices vs Recommended max concurrent client VPN tunnels

ScottG67
Here to help

Hello All,

I have deployed an MX100 with a mix of MX67 and Z3 devices as well as a number of Windows 10 client VPN machines. The MX100 documentation says the Recommended maximum concurrent client VPN tunnels is 250 and Recommended client devices is 500. I am thinking this means my MX67 and Z3 count against the 250 recommended number and my Windows 10 devices count against the 500 devices? I am planning on upgrading to an MX250, but I am trying to find out how fast I need to upgrade.

https://meraki.cisco.com/product-collateral/mx-sizing-guide/?file

If anyone can clear up the muddy waters, that would be great.

Thanks,

Scott

2 Replies
Bruce
Kind of a big deal

Here's my understanding...

  • The MX67 and Z3 count towards the site-to-site VPN number (and if you need to calculate the number of tunnels if you are using dual WAN/internet connections)
  • The Windows 10 VPN client counts towards the maximum client VPN tunnels, and the 500 client devices (since they are both a client, and they are establishing a VPN tunnel)
  • The recommended number of client devices is the number of devices on the 'inside' of the MX, so pretty much the devices that are listed when you look on the Network-wide -> Clients page of a network

I believe, other than the 'Max concurrent site-to-site VPN tunnels', they are all recommendations, and your mileage will vary depending upon traffic flows and the other features you have enabled on the device. Any VPN terminations have a high impact on performance due to the encryption/decryption that the processor has to do.

Best approach is to monitor the appliance utilisation, under the organisation -> summary reports -> then select the appropriate appliance network, and when you start seeing utilisation consistently getting towards the 80% mark then I'd start planning the upgrade.

ScottG67
Here to help

Thanks, Bruce, for the explanation; this makes sense for sure.
