Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Generally, there's no logical bandwidth cap on an IPSec tunnel.  The tunnel might have a low default bandwidth setting, but that doesn't actually limit tunnel performance.

That said, there's much that can impact an IPSec tunnel's performance.

First, encryption can be very processor usage intensive, so performance will depend much on the supporting hardware.

Second, encryption consumes additional bandwidth, for its overhead, which can be a fairly large percentage for small packets.

Third, an IPSec tunnel can often lead to packet fragmentation, which consumes both additional bandwidth and CPU performance.

There are many performance measurement tools, some free, that you might use.  Personally, on Windows hosts, I often use PCATTCP.  It's a very simple tool; I find the UDP bandwidth generator often good for testing end-to-end bandwidth capacity.  For example, I might set it to send 10 Mbps to the far side to confirm 5 Mbps gets there.