cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1131
Views
0
Helpful
2
Replies

RV042 to RV082 tunnel, NAT-T and slow performance

oliversl1
Beginner
Beginner

Hi,

I have an RV042 VPN tunnel with an RV082.

The RV042 has a public IP Address obtained by PPPoE, the RV082 has a public IP Address

obtained via Static IP.

The problem I see is a really slow performance. Both internet conections are idle and the performance

is about 2 or 3 kbyte/s

My question are if I should I enable any of this:

- Agresive mode

- NAT Traversal

- IP Compresion

- Dead Pear Detection

How can I troubleshot this slow performance?

Regards,

Oliver

1 Accepted Solution

Accepted Solutions

Tom Watts
Advisor
Advisor

Hi Olivers, the first thing I'd recommend is to do an on-net speed test and an off net speed test. Meaning, using a speedtest site from your ISP then a speedtest from an external site like speedtest.com. This will give you an idea how your internet is behaving for both sides.

The second I would do is try to lower the tunnel encryptions. As an example if your tunnel is des/md5 it should have extremely low overhead and should increase in performance.

Things such as NAT-T would not help, this is a technology to help map nat'd addresses. Dead peer detection (DPD) is a mechanism that purges the VPN policy after an amount of time when the other side is not detected. Aggressive mode may help out with some speed, it basically sends all negotiations in a 1 shot instead of several phases.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

View solution in original post

2 Replies 2

Tom Watts
Advisor
Advisor

Hi Olivers, the first thing I'd recommend is to do an on-net speed test and an off net speed test. Meaning, using a speedtest site from your ISP then a speedtest from an external site like speedtest.com. This will give you an idea how your internet is behaving for both sides.

The second I would do is try to lower the tunnel encryptions. As an example if your tunnel is des/md5 it should have extremely low overhead and should increase in performance.

Things such as NAT-T would not help, this is a technology to help map nat'd addresses. Dead peer detection (DPD) is a mechanism that purges the VPN policy after an amount of time when the other side is not detected. Aggressive mode may help out with some speed, it basically sends all negotiations in a 1 shot instead of several phases.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Thanks Tom!

I checked the "AH Hash Algorithm" and selected SHA1 and that solved the problem.

I will test later to lower the encryptions, right now they are setup at AES/SHA1/1

Regards,

Oliver

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers