cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
704
Views
0
Helpful
0
Replies

Slow S2S VPN Tunnels, Lots of Fragmentation?

JackPIT
Level 1
Level 1

Hello, I'm new to the forum and new to the company I work for. I am currently over seeing a small network set up with 5 remote sites that is experiencing very slow VPN tunnel speeds.

 

Our Main site is has a ASA 5510 (50/50 fiber) and the remotes all have 5505's (10/10 fiber) with one being a newer 5506-x. Our problem is absolutely creeping speeds. File transfers average 700-800 Kbps and peak at maybe 1.1Mbps. Bootups and Logins are slow due to the DC being at the main branch. Our main program is very database reliant and is so slow it's unusable if you are on the otherside of the tunnel. This caused them to invest in remote desktops to seem like they are working from the main office.

 

We recently swapped out the 5510 to a same model with the upgraded security license to get the full 1000Mbps speed at the port. But file transfers still averaged 800-900Kbps, maxing out at maybe 1.4Mbps.

 

In the data sheets it says the max VPN tunnel throughput is 170Mbps so that shouldn't be the bottleneck.

 

Lots of research always points to messing with the MTU and running some ping tests from either side of our tunnels, it does seem that packets that are 1500 MTU get fragmented.

 

1400 seems to be the only packet size that works in cmd ping tests, but what interfaces do you change for MTU size in the tunnels? Do I change MTU for both firewalls on both sides of the tunnel? 

 

And then MSS somehow factors into it which I don't really understand too well.

 

I can post whatever configs or tests you need to see. Just have to edit out first before I post.

0 Replies 0
Review Cisco Networking for a $25 gift card