• Ninja's_RGR'us (8/22/2010)


    My first instinct was to build a VPN tunnel between the servers but then I remembered that we can only have 1 VPN connection on 1 machine at any time, so how the heck can I go to 3500 (or more to the point 4-5 at the same time) and also very important, how can the connection be made in real time (1 sec delay max)?

    I don't know what kind of servers you are using but I find a 1 VPN connection per machine limit astounding (and I wouldn't give such a server OS house-room!). Where I worked from 2002 to 2009 we used Windows 2000 Server at first and later Windows 2003 Server and had many simultaneous VPN connections from our main in-house server in London to customer servers all around the world and to our other offices. Not 3500 connections at one time (nowhere near, in fact) but a good deal more than 4 or 5 on Win 2000 Server and when we went to Win 2003 we grew to more connections than we had had on Win 2000.

    Connection setup time depends very much on two things: firewall performance (at both ends) and network performance (both latency and bandwidth are relevant); if customers have good internet connections, decent and sensibly configured firewalls, and competent network management you can get 1 sec setup time provided the loop delay is not too great (you're obviously not going to get 1 second connection setup if the loop delay is 1.5 seconds).

    Even if your connection time is good you can't guarantee that it won't suddenly go bad: our connection setup times for customers in the Middle East increased by a large factor when some sailor accidentally cut through an underwater cable there. Do you need to maintain the 1 sec connection setup time limit when something like that happens?

    Tom