03-13-2011 03:40 PM - edited 03-11-2019 01:06 PM
Hi,
I have a client who claims his ISP service at a given site is just fine, but it is only when traffic goes over the site-to-site tunnel that things slow down noticably. This is a hub and spoke network with all ASAs at each site directly connected to the hub site. All are running the same code 8.2(4).
I have tested ping times and the site in question is 3 to 4 times slower than all other sites when pinging the same host at the hub site.
I thought it was a valid complaint because the tunnel configuration at the hub for that site was mucked up, part of the default group with no tunnel-group of its own. We got that cleaned up but the ping times didn't change.
Assuming the complaint is valid, what possible causes exist for a given tunnel to underperform?
Assuming the complaint is invalid, how I can prove to my client the tunnel is not the problem?
Thanks.
03-14-2011 08:35 AM
Hello,
Are ping times between the hub and problem site that are not across the tunnel normal? In other words, if you ping directly from the hub firewall to the problem spoke firewall, do you see the same delay?
-Mike
03-14-2011 08:42 AM
Hi Mike,
When testing the tunnel's response time, I only include end devices that terminate the tunnel to exclude other factors. I'm going to open a TAC case with a VPN engineer to see what we can dig up.
Thanks,
Larry
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide