04-12-2006 04:55 AM - edited 02-21-2020 12:50 AM
All, I have set up a site to site VPN with a remote office, the remote office has a 501 and my site has a 515. The tunnel works fine, however my users in the remote office complain about the speed...we have a leased line of 2mb the remote site is in a serviced office that has a 2mb leased line, however this pipe is shared between about 10 other companies (thats your first issue I hear you say) Is there anything I can do about the speed through the tunnel other than get the remote site to have dedicated links just for them? i.e is there any issues with a 501 talking to a 515 or can I set an MTU somewhere? I have set the encryptionto be triple DES which i know has an overhead, but for security's sake I dont want to go any lower than that....has anyone any suggestions.....thanks
04-12-2006 05:12 AM
What does mean slow speed???Users should understand that VPN is not simply LAN so if they trying open large files it is slow
Can you ping form one side to other (when is no huge traffic on VPN) and tell us what is round trip in ms?????
Also 501 is SOHO device and it hasnt so great performance like 515 or some 1700, 1800 routers
M.
04-13-2006 01:01 PM
Hello,
you might want to try and set the MTU size on your interfaces to 1350, and see if that makes a difference. You can use the global command:
mtu outside 1350
mtu inside 1350
Regards,
GNT
04-17-2006 01:09 PM
Hello,
i think I read somewhere that the PIX 501 has the encyption speed of 340kb/s, so.....
Also it could be a MTU and "ICMP need fragment issue". Make a sniff on the user side whether they are getting "ICMP need frament packet".Did you set up the MTU for the IPsec tunnel? If not, set it to something like 1300 to see whether it helps.
IPSec/3DES overhead is about 56 bytes per packet, so it is not so bad...
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide