04-06-2020 02:04 PM - edited 04-06-2020 02:07 PM
Hello guys,
I came here for you guys to give a hand. Righn now a customer is having throughput issues with anyconnect clients, experimenting very low througput when transfering files. I know, you guys are going to think about the situation (COVID-19) and many people trying to connect to their company resources though VPN links, but our customer is telling me that they have been having this issue even before the outbreak, when not many users used Anyconnect VPN. They asked me if there is a way of adjust the BW for Anyconnect VPN clients or if the BW clients are getting is by demand. It would be great if you can help me with this.
By the way, we're using an ASA 5525-X.
Thank you so much in advance.
Solved! Go to Solution.
04-20-2020 11:41 AM
your client having issues when remote anyconnect client connects. the bandwidth is slow. there are many factor which could cause the issue.
1. initial start what is the link on outside interface how much utilization is consumed on outside interface.
2. anyconnect client getting a slow response if all of these end client having issue than could be a problem on ASA interface facing connection.
3. anyconnet clients are using TLS or DTLS.
4. why client are doing a downloading the data? any reason.
04-21-2020 09:03 PM
In addition to the good doc that @Sheraz.Salim mentioned, the answer regarding per-client bandwidth is that we cannot set that. A given tunnel-group/connection profile can be QoS policed/limited for all connected clients but otherwise each client will be given best effort for the presented traffic load.
04-20-2020 07:44 AM
Anyone?
04-20-2020 11:41 AM
your client having issues when remote anyconnect client connects. the bandwidth is slow. there are many factor which could cause the issue.
1. initial start what is the link on outside interface how much utilization is consumed on outside interface.
2. anyconnect client getting a slow response if all of these end client having issue than could be a problem on ASA interface facing connection.
3. anyconnet clients are using TLS or DTLS.
4. why client are doing a downloading the data? any reason.
04-21-2020 11:42 AM
1. initial start what is the link on outside interface how much utilization is consumed on outside interface. /ANS: Right now, we're having a lot of traffic in this interface, but this issue was happening even before the Coronavirus outbreak, I meant, since three or four months ago.
2. anyconnect client getting a slow response if all of these end client having issue than could be a problem on ASA interface facing connection. /ANS: we found out that ASA 5525X only supports until 300 Mbps encryption/decryption traffic, and right now, slow issue is mainly happening because of this, but, before of this situation, when not many useres usually were connected through VPN tunnels, connection was really slow too.
3. anyconnet clients are using TLS or DTLS. /ANS: we're having another issue, related with not using DTLS but TLS instead. This issue is about windows remote assitance some internal users (people inside the company) give to people connected trhough Anyconnect VPN. Apparently, we're having slow connections or sometimes the connection failed when people from helpdesk initiates this connection. The reason why we're not using DTLS is because our customer's ASA behind a Citrix load balancer whom is facing internet connection. Output ASA interface has a private IP address and this address is being nated on that Citrix device, so at Citrix device we're configuring a virtual server with HTTPS. A Cisco Engineer TAC told us that we need to use udp 443 port for the DTLS tunnel to be established. I don't know if these slow issues are related with this other issue.
4. why client are doing a downloading the data? any reason./ANS: clients needs to download resources from some servers and tryin to access Internet. We're not using split tunneling because there are several internet browsing policies our customer have configured for only enterprise users and devices can use internet service by using a proxy service.
Finally, I would like to know if it is possible to assign an specific BW for every anyconnect client or if it is not possible and each client take his BW by demand, I meant, every client taking as much traffice it needs.
Thank you so much in advance.
04-21-2020 12:39 PM
04-22-2020 07:31 AM
Hello, @Sheraz.Salim
Thank you so much for your answer and for that great document you shared. I think it is very explicit and really usefull.
04-21-2020 09:03 PM
In addition to the good doc that @Sheraz.Salim mentioned, the answer regarding per-client bandwidth is that we cannot set that. A given tunnel-group/connection profile can be QoS policed/limited for all connected clients but otherwise each client will be given best effort for the presented traffic load.
04-22-2020 07:32 AM
Hello, Marvin
Thank you so much. That was a great answer too.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide