slow site-to-site vpn tunnel

lcaruso · ‎03-13-2011

Hi,

I have a client who claims his ISP service at a given site is just fine, but it is only when traffic goes over the site-to-site tunnel that things slow down noticably. This is a hub and spoke network with all ASAs at each site directly connected to the hub site. All are running the same code 8.2(4).

I have tested ping times and the site in question is 3 to 4 times slower than all other sites when pinging the same host at the hub site.

I thought it was a valid complaint because the tunnel configuration at the hub for that site was mucked up, part of the default group with no tunnel-group of its own. We got that cleaned up but the ping times didn't change.

Assuming the complaint is valid, what possible causes exist for a given tunnel to underperform?

Assuming the complaint is invalid, how I can prove to my client the tunnel is not the problem?

Thanks.

mirober2 · ‎03-14-2011

Hello,

Are ping times between the hub and problem site that are not across the tunnel normal? In other words, if you ping directly from the hub firewall to the problem spoke firewall, do you see the same delay?

-Mike

lcaruso · ‎03-14-2011

Hi Mike,

When testing the tunnel's response time, I only include end devices that terminate the tunnel to exclude other factors. I'm going to open a TAC case with a VPN engineer to see what we can dig up.

Thanks,

Larry