09-22-2011 11:46 AM - edited 03-04-2019 01:42 PM
We have a ciso 2800 router with a vpn over a WAN to a Checkpoint firewall
The WAN is 300M and has a 30ms delay
The vpn was moved over there from a WAN with on ly 2M BW but less delay.
But now the performance is worse.
ive read some about teh use of tcp-adjust-mss 1300 on the ciso router side fo the vpn and
was wondering if htat would help and what would be the potential impacts.
Am I correct in that teh data with the L3 packet will be adjusted to what is set at, and so then the over all L2 packet will be kept under 1500 bytes.
so no fragementation after the sec header applied?
just trying to find out why our vpn is so slow not but with much more Bandwidth?
any help is appreciated
thanks
09-22-2011 04:18 PM
Have you checked to see if you are getting the required bandwidth by using jperf and if there are any issues with the link such as drops? I have typically had issues with VPN that required adjusting the mss but I can't recall it ever being because of speed, typically certain applications would not work, and once adjusted everything works great.
You can follow the link below for more information on adjusting the mss
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
09-24-2011 08:00 AM
we have run ssc file transfers outside the tunnel and gotten 85mb/s and that;s with a 100M link at the source.
if I adjust hte mss sizedown at the vpn endpiont on one side to 1460 or less will that that stop any packet fragmentatoin on the vvpn
and will that be sent back to the hosts somehow
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide