Showing results for 
Search instead for 
Did you mean: 

Site-to-site VPN performance

Level 1
Level 1

We have a customer with an SA520 at site A on a 100/20 Mbps connection.  Site B has an RV 120W on a 100/20 connection.  Assuming that the lowest pipe will always win, I was expecting to get close to 20 Mbps between sites when traffic was low.  The result is quite astoundingly poor in comparison.  7 Mbps.  Windows PPTP VPN to as Server at Site A is 15 Mbps. I am testing using the LanSpeedTest utility from Totusoft.  Is there any way we can improve this speed? Firmware is uptodate on both.

12 Replies 12

Level 7
Level 7


Can you give some details about the tunnel?

What type of encryption/authentication?

Have you tested any different settings?

According to the Data Sheets, you should be seeing about what you expect:

RV120W VPN throughput: 25Mbps

SA520 VPN throughput: 65Mbps (Triple Data Encryption Standard (3DES)/ Advanced Encryption Standard (AES) VPN throughput*)

- Marty

I'm using 3DES SHA1. Haven't tried different settings.  Did notice that the SA520 wanted to be AES at first and I had to go in and set it all to 3DES.  What do you recommend?


I would test the lowest encryption first. The RV120W Data Sheet does not specify what was used to get 25Mbps. If you see better results with lower settings you will have to decide if a compromise is worth it.

- Marty

Thanks Marty,

I had to wait for workers to not be present, but unfortunately changing the VPN Policy Algorithm to DES made no impact.  I also tried AES-128 and got a minor change.   Then, for the sake of testing, I put the policy encryption to "none" and really only saw a moderate impact.  Instead of 7 Mbps, I got 10, which is still half the speed of the slowest connection stream.  I did change the IKE policy to AES-128, but figured as this was just for the negotiation phase, it really wouldn't make a difference once the tunnel was up.  Any more thoughts?


I can't think of anything else to try in regards to the VPN settings. Maybe try temporarily disabling everything under Firewall-> Attack Prevention on the RV120W? I remember some customers having speed issues with some of those settings checked.

What speeds do you get if you do a speed test from each router at

- Marty

100 Mbps down, 20+ up at each location


Did you check the latency between the two sites? Eats up your VPN performance...


Pleaase advise, ciscodrossy, how would I check latency exactly?

google is your friend (as the NSA would say ;-) )


Next best guess is the MTU...

I yield much better results since I switched from IPsec to OpenVPN tunnels, but one of the main issues to check first is the connectivity between your sites.

Have fun!

I ran WinMTR for a few days.  Please see attachments.  The only thing the disturbs me about the trace to the other site (server03) is that non-responsive hop after the router.  Clearly there was a huge hit in the trace at one point, but the average doesn't look too bad to me.  What do you think?


...I remember a statement that anything beyond 60 msec can make IPsec painfully slow, especially with protocols like samba. Your connection appears to have (frequent?) hickups with 4000+ msec latency, might prevent real fast data transfer. Did you check the MTU on both ends of the tunnel?


Also interesting



...not to forget about this funny piece of Soviet technology:

Level 1
Level 1

btw. I just saw the specs of the RV120Wsurprise


It's 10/100 Mb on WAN and LAN interfaces... does the device have enough power for an IPsec tunnel of that size?


eeeehhhm this new forum software drives me crazy, how did my reply end up on top of the discussion?blush