Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1628
Views
0
Helpful
4
Replies

AnyConnect speed

neillix702
Level 1
Level 1

‎01-04-2011 04:53 PM - edited ‎03-11-2019 12:30 PM

Hi folks, i have setup two AnyConnect profiles.  One profile is Split-Tunneling and the other is Tunnel all Networks(No Split).  Split-Tunneling speed is averaging 70 Mbps (Download), Tunnel all Networks speed is very very slowww (Average 1.83 Mbps download).  I can see that there will be performance difference but this is a big difference between the two.  Does anyone currently having this issue or is this normal?  Im running the ASA5520 with 1Gb Ram.

Labels:
0 Helpful
4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

‎01-04-2011 05:00 PM

Split tunnel means that traffic destined for the Internet is going directly from your PC towards the Internet, and tunnel all traffic means that traffic destined to the Internet is first encrypted, sends to the tunnel towards the ASA, gets decrypted, sent to the Internet, and the return traffic follows the same path, ie: Internet back towards the ASA, get encrypted, sends back towards the AnyConnect PC, decrypted before it completes.

As the traffic needs to traverse back to the ASA, it really depends on how busy the ASA is which also adds in to the performance/latency. And the speed on the ASA ISP also plays a role.

0 Helpful

neillix702
Level 1
Level 1
In response to Jennifer Halim

‎01-04-2011 05:28 PM

I understand that part or the concept.  the question i have is, why is it a big difference since the ASA is only hosting a couple of AnyConnect users.  Im currently testing AnyConnect in my lab and i dont have a whole lot traffic on this ASA.

0 Helpful

neillix702
Level 1
Level 1
In response to neillix702

‎01-05-2011 08:45 PM

What im also concerned is AnyConnect performance in comparison with IPSEC.  IPSEC is 10x faster than AnyConnect and i was wondering if anyone out there are experiencing any performance speed for AnyConnect.  i tried modified the MTU and speed still slow.

0 Helpful

Bastien Migette
Cisco Employee
Cisco Employee
In response to neillix702

‎01-06-2011 02:28 AM

Hello,

How do you test your speed ?

As described above, in full tunnel mode you'll pass a lot of traffic in the tunnel, which can be broadcast from windows, background app and so on.

You might have as well stronger encryption algorithm.

A last thing to increase anyconnect speed, try to uses DTLS:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/svc.html#wp1059928

This will cause to rely on UDP instead of TCP for the svc, cause tcp in tcp can cause additional delays.

See explanation:

http://sites.inka.de/bigred/devel/tcp-tcp.html (1st google link tcp in tcp)

Hope this help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card