01-12-2021 12:43 AM - edited 01-12-2021 12:45 AM
Hi out there
I got a question which I cannot find an answer to - it sounds simple - what "troughput" can I expect trough a AnyConnect VPN tunnel?
I digged into it to verify - we are running a Cisco ASA 9.12 on a FPR-2120 chassis. It is uplinked with a dual-link portchannel - 2 x 1G - to a set of nexus 7700 - and we have a 1G internet connection in the company. According the specifications it can deliver 700 mbps on a ipsec tunnel - but nothing really stated for a AnyConnect client setup.
Here in the country is is common with 100mbps fiber links from the ISP which also delivers what is promised - but some users have higher bandwith - up to 1G also - and here comes the challenge - what troughput can be expected for those users? We can with iperf3 verify that we can get up to ~ 160mbits/sec but is this what we can expect or do we have a bottleneck somewhere in our network. I would have expected ~ 3-400mbps here...
The ASA is not much loaded - the links are running at around:
Load-Interval #1: 30 seconds
30 seconds input rate 76149552 bits/sec, 9857 packets/sec
30 seconds output rate 153456560 bits/sec, 17493 packets/sec
input rate 76.15 Mbps, 9.86 Kpps; output rate 153.46 Mbps, 17.49 Kpps
what is other seeing on troughput here?
What
01-12-2021 02:35 AM
01-12-2021 02:41 AM
ahh mohammed - these 475mbps is running FTD - but it is loaded with ASA and here you have ~ 700 mbps for "VPN"
our smallest links are dual-channel 1G links here - the uplinks betweeen the ASA and Nexus - and the internet connection which is 1G
Our PC's here are "decent" powerfull Windows 10 PC's with 8 or 16GB of ram - running idle and should not be the bottleneck
The ASA is solely serving as VPN Hub - no inspection or similar of the traffic - simply VPN headend
br ti
01-12-2021 03:18 AM
01-12-2021 04:59 AM
well - I think you have been just as long in the businiess as I have and know that Cisco specs not always are real world realistic so therefor it is interesting to know what we in fact can pull trough such a VPN hub - do we have some with a comparable setup which can share some numbers here or have you done a real world test on a ASA as VPN hub....
br ti
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide