topic Re: IPSec SA Congestion in Network Security

IPSec SA Congestion

zekebashi — Fri, 21 Feb 2020 16:14:22 GMT

Hello,

We've been having an issue with one of the IPSec Tunnels where the tunnel would stay up but becomes congested which causes significant traffic delays and latency. The only way to resolve the issue is if we reset the tunnel on one of the ends(i.e. Site A). I've been trying to search for information to explain why the tunnel would become congested, what commands to use to diagnose the congestion issue, and how to resolve such issues.

I appreciate the assistance.

Best, ~sK

Re: IPSec SA Congestion

Rob Ingram — Thu, 13 Sep 2018 16:09:21 GMT

Hi,
When you say congested that would imply that a lot of traffic is going over the VPN tunnel, you probably need to increase the bandwidth or use QoS to shape the traffic. You can use netflow in order to identify the top talkers (source/destination) and define QoS policies from there.

Assuming it's you are using an ASA the command "show local-host detail" would give use some information on the hosts and the number of connections, traffic etc.

HTH

Re: IPSec SA Congestion

zekebashi — Thu, 13 Sep 2018 16:35:56 GMT

Thanks for your input and suggestions. Yes, we're using ASAs. The command you provided is very helpful.

Much appreciated.

Best, ~zK