Solved: Cisco 891F with ZBF and IKEv2 tunnel slow download speeds - Page 3

igor.hamzic81 · ‎06-15-2023

Hi all,

in one of our branch offices we have switched from a dedicated line between locations to a internet link(50 Mbps) with IKEv2 tunnel to the main office on our 891F router. Since the router is now connected to the internet we also implemented ZBF on it for basic security.

All the traffic from the branch office is sent over the VPN tunnel to the main office and then to wherever it needs to go.

Since the change the users are having problems with slow download speeds from the main office from whatever source (ie. downloads from the internet, from office servers, ...).
Strangely enough traffic upload to the main office servers or to the internet or web surfing are fast using the same path and going over the same equipment.

This problem has me scratching my head as I really can't pinpoint the problem as the internet link itself is stable, VPN tunnel is stable, ZBF configuration is quite simple, there are no drops on the interfaces, router itself has CPU usage of 20 - 30%, there is no NAT.

I tried removing ZBF between INSIDE and OUTSIDE zones with no effect, simplified the ZBF, added ooo paramater map as I read it could help but nothing produced any result.

My suspicion is that something on the 891F router is the problem but I just can't figure it out.
I'm attaching the relevant config and hope that someone can point to where to look and how to solve this issue.

MHM Cisco World · ‎06-21-2023

You are so welcome

igor.hamzic81 · ‎07-11-2023

Hi all,

sorry for the late reply but some emergency work took my time. Anyway the provider upgraded/replaced their equipment and the issue went away. It's quite a better situation then before.

Thank you all for great help on what to do. Besides helping me in my troubleshooting it showed me some valuable options for the future.