Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
5
Replies

Slow VPN Throughput

michael.holroyd
Level 1
Level 1

‎02-29-2016 01:44 PM - edited ‎03-05-2019 03:27 AM

I have two sites linked with a basic IPSEC tunnel between them.

I am struggling to get any more than 10MB across the VPN.

Site 1 has a 50MB LL and site 2 Is in a Data Centre with a 1GB Max connection.

Both routers are Cisco 1841 routers with VPN cards in.

I understand I will only ever get around 45MB but I am no where near.

I have removed the GRE tunnels and now just a basic IPSEC tunnel.

I have changed from 3DES to DES with no real change.

Any ideas..

Labels:
0 Helpful
5 Replies 5

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-29-2016 07:25 PM

Does one site have a PPPoE config, or anything that results in an MTU smaller than 1500?

Have you tried using "ip tcp adjust-mss" with an extreme value, say 1000?  See if that has any impact.

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-29-2016 07:25 PM

Do any of the related interfaces have increasing error counters on them?

Can you get the full bandwidth out of the circuit, in both directions, with traffic not going over the VPN?

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-29-2016 07:26 PM

ps.  An 1841 wont get even slightly close to 1Gb/s.  It normally only has 100Mb/s ports on it.  How have you interfaced a Gigabit connection to it?

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎03-01-2016 05:53 AM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As Philip is implying by his post asking about mss-adjust, fragmentation issues will often much slow your router's maximum throughput.  Are you aware of, and have you implemented, a configuration to minimize fragmentation?

0 Helpful

michael.holroyd
Level 1
Level 1

‎03-02-2016 06:27 AM

Hi,

Both Sites are RJ45 Presentation so no PPPoE to deal with

Both NICs on the 1841 routers have been tried at Auto/Auto and 100/FULL with no difference on the Outside Interfaces.

Have tried with and without "ip tcp adjust-mss 1403" on my external interfaces still no differences.

The ping across the VPN is pretty much ok but does occasionally miss a ping between sites.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card