Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
828
Views
0
Helpful
6
Replies

Slow upload speed via STS ipsec FTD, FTDv ver=7.3

jararaca
Level 1
Level 1

‎09-02-2023 07:30 AM - edited ‎09-02-2023 07:41 AM

Hi Everyone
There are problems with FTD 1010, FTDv, FTD controlled via FDM
Ipsec sts is configured, but the download speed is 20 mb, and the upload speed is 2 mb through this tunnel. Tunnels are established through high-speed Internet channels. At first, I thought that the problem was in FTD 1010, but then I installed FTDv and got the same speed there. I change FTD to Zyxel ATP and the download speed changes to 25 mb, the upload speed changes to 25 mb. mss reduced - there is no problem here. Also no fragmentation

Why is the upload speed slowing down?

Can someone help with a solution?

Software ver=7.3.1.1-83

0 Helpful
6 Replies 6

marce1000
Hall of Fame
Hall of Fame

‎09-02-2023 09:39 AM

 

 - Check established MTU on the tunnel , if it seems low try if you can tweak it , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

jararaca
Level 1
Level 1
In response to marce1000

‎09-02-2023 09:49 AM

This problem is not in MTU!
0 Helpful

marce1000
Hall of Fame
Hall of Fame
In response to jararaca

‎09-02-2023 10:02 AM

 

 - Good to know!           Have you checked the current value of the MTU ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

jararaca
Level 1
Level 1
In response to marce1000

‎09-02-2023 11:24 AM

It's ipsec-l2l, it doesn't have an MTU. I tried changing the MSS size, nothing changes.


Configuration Output->


Connection Name: *.*.*.*

Type: Policy Based

VPN Access Interfaces: outside (*.*.*.*)
Network: *.*.*.*

Peer IP Address: *.*.*.*
Peer Network: Network*.*.*.*

IKE Version 2
IKE Policy: aes-sha-sha-21,19,20
IPSec Proposal: aes-sha-1
Authentication Type: Pre-shared Manual Key

IKE Version 1: Disabled

IPSec Settings
Lifetime Duration: 28800 seconds
Lifetime Size: 4608000 kilobytes

Additional Options
NAT Exempt: —

Diffie-Hellman Group: Null (not selected)

0 Helpful

jararaca
Level 1
Level 1

‎09-04-2023 09:25 AM

Hi!

No working solution has been proposed. And no answers were given. Anyone else have some advice to share?

0 Helpful

marce1000
Hall of Fame
Hall of Fame
In response to jararaca

‎09-04-2023 10:03 AM

 

  - Note that  the community is populated by customers and (Cisco) product users and it based on best effort (only) ; for official support in need for business solutions considerhttps://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card