Cisco ISA550 IPSEC tunnel; configuring bandwidth


I wonder if there is a way to set 100% of bandwidth to an IPSEC tunnel? I was told by CSB support that the tunnel will take 50% of traffic and leave 50% for internet. I don't need to give 50% to the internet traffic, internet is coming from other side of the tunnel. How would I accomplish this?

Users report very sluggish internet since I setup this tunnel. I called for support and technician told me about the 50/50 split and how I cannot do QoS on the link. So, does anyone have any experience with this? I have 3mb internet connection on one side and 20mb internet on the other side. Customer wants all users to use remote side of tunnel for internet.


Hi misscat123,

I'm not sure what the 50/50 split is all about, but when measuring speed through the tunnel you need to consider your upload speed. If you have 20Mbps down and 1Mbps up, then the users at the other end of the tunnel will never see speeds higher than 1Mbps down. Add the fact that all traffic is encrypted and the speed goes down again. The upload speed on one end of the tunnel is the download speed on the other end.

I am not aware of any 50/50 split, if you are not using the internet directly then all bandwidth should be dedicated to the tunnel.

What are your upload speeds?

Are we talking about two ISA550s or are you connnecting to something else on the other end?

- Marty


Hi, thanks for your response.

I opened a case with Cisco Small Business support, and the tech told me that the IPSEC tunnel will take 50% of bandwidth and leave 50% for internet. Its an ISA550 on one side, SonicWall on the other. The speed tests they sent me from the SonicWall side are: 15.61 mbps download 15.86 mbps upload.

We have hosts on the Portland side connecting to Watsonville thru the tunnel, using RDP. The session gets sticky, hangs, drops. I was also told today that it doesnt' do that with Vista! Only XP? So we have a guy going to bring in his Win7 machine to test that theory. Thank you