VPN Latency is high across the VPN Tunnel

kathykooda · ‎05-10-2010

My latency from one Cisco 1800 router is very high back to the main Cisco 1800. When testing latency outside of the vpn, we have better response. Is there anything I can do with the configuration? Is there a way to narrow this down to the ISP? I have an IPSec tunnel. Routher has 12.3 IOS

spremkumar · ‎05-10-2010

Hi

Can you post out a network diagram of the scenario which you were referring in your post?

It will be easier to understand the problem points and the bottlenecks with a diagram.

regds

kathykooda · ‎05-10-2010

Remote location is a DSL internet connection and main office is a T1. Remote location is about 900 miles from main office. I have been having them do random pings to the main location on three devices:

Inside server at main location so the test is going across the VPN

Public DNS server (so packets are outside of the VPN)

Device at the remote location, to test out local LAN.

When the main office does the same test back to the remote location, our responses are better. I hope this helps present the picture. Here is the crypto & policy map:

crypto map ilcomn 1 ipsec-isakmp
set peer 209.240.247.154
set transform-set ESP-3DES-SHA
match address 100
qos pre-classify

policy-map QoS
class ef
   priority 240 30000
class af
   bandwidth 64
class class-default
   fair-queue
policy-map MQC
class class-default
   shape average 1900000
   service-policy QoS

paolo bevilacqua · ‎05-10-2010

"Very high" like how much?

What delay difference there is by pinging internal and external VPN address ?

kathykooda · ‎05-11-2010

From 200ms on up...even have hit 700 and above.

Internal LAN < 15 ms consistently.

It's when traffic is going through VPN, we have high numbers.