Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
866
Views
0
Helpful
0
Replies

ASA 5506 Site-to-site VPN Packet Loss Expectations and Mitigation

fmarshall3
Level 1
Level 1

‎02-03-2022 02:37 PM

Reference: https://community.cisco.com/t5/network-management/communications-layer-quality-requirements-tcp-ip-on-a-vpn/td-p/2856042

The referenced discussion refers to:"Rate Based Satellite Control Protocol". and WAAS in a situation which may be a reasonable model for our situation:

We have a site-to-site production VPN which is supported by ASA 5506 at our end and, I believe, the same at the other end.

We are essentially communicating very low data rate "smart terminals" at our end with an application server at the other end.

Here is what we are seeing:

The application at the server "errors out".  Sometimes this is so bad that users can't even log on.  Other times, it happens in the middle of doing transactions.  Either way, the app has to be restarted.  So, it's bad.

The situation is variable:

When it's really bad then the tunnel drops out.

When it's bad then the tunnel stays up.

When it's marginal then the tunnel stays up.

In all cases, monitoring the VPN channel with PingPlotter, we see packet loss that varies from:

- acceptable: the application continues to work without many errors (as describe above), at all.

- marginal: the application errors out often enough to cause complaints but production limps along.  Packet loss is evident.

- unacceptable: the application errors 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents