Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1460
Views
0
Helpful
2
Replies

RV042 to RV082 tunnel, NAT-T and slow performance

Go to solution
oliversl1
Level 1
Level 1

‎02-19-2013 08:44 AM

Hi,

I have an RV042 VPN tunnel with an RV082.

The RV042 has a public IP Address obtained by PPPoE, the RV082 has a public IP Address

obtained via Static IP.

The problem I see is a really slow performance. Both internet conections are idle and the performance

is about 2 or 3 kbyte/s

My question are if I should I enable any of this:

- Agresive mode

- NAT Traversal

- IP Compresion

- Dead Pear Detection

How can I troubleshot this slow performance?

Regards,

Oliver

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tom Watts
VIP Alumni
VIP Alumni

‎02-19-2013 05:16 PM

Hi Olivers, the first thing I'd recommend is to do an on-net speed test and an off net speed test. Meaning, using a speedtest site from your ISP then a speedtest from an external site like speedtest.com. This will give you an idea how your internet is behaving for both sides.

The second I would do is try to lower the tunnel encryptions. As an example if your tunnel is des/md5 it should have extremely low overhead and should increase in performance.

Things such as NAT-T would not help, this is a technology to help map nat'd addresses. Dead peer detection (DPD) is a mechanism that purges the VPN policy after an amount of time when the other side is not detected. Aggressive mode may help out with some speed, it basically sends all negotiations in a 1 shot instead of several phases.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Tom Watts
VIP Alumni
VIP Alumni

‎02-19-2013 05:16 PM

Hi Olivers, the first thing I'd recommend is to do an on-net speed test and an off net speed test. Meaning, using a speedtest site from your ISP then a speedtest from an external site like speedtest.com. This will give you an idea how your internet is behaving for both sides.

The second I would do is try to lower the tunnel encryptions. As an example if your tunnel is des/md5 it should have extremely low overhead and should increase in performance.

Things such as NAT-T would not help, this is a technology to help map nat'd addresses. Dead peer detection (DPD) is a mechanism that purges the VPN policy after an amount of time when the other side is not detected. Aggressive mode may help out with some speed, it basically sends all negotiations in a 1 shot instead of several phases.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

Go to solution
oliversl1
Level 1
Level 1
In response to Tom Watts

‎02-20-2013 08:12 AM

Thanks Tom!

I checked the "AH Hash Algorithm" and selected SHA1 and that solved the problem.

I will test later to lower the encryptions, right now they are setup at AES/SHA1/1

Regards,

Oliver

0 Helpful
Customers Also Viewed These Support Documents