Hello all. I have a few issues I am trying to resolve that I have been working on for a few days. Quick intro to my environment.
Site A ASA 5505 > Microwave Shot > ISP 200ms / 2 Workstations on LAN
Site B ASA 5505 > vSat > ISP 800ms / Catalyst 10GB switch with 2 VLANs (555-Main network / 254 Multicast network)
I only have control on ASA's outside (Both static IPs) interfaces and inwards. Bandwidth at Site A is 10Mb down 5Mb up and bandwidth at Site B is 2Mb down 2.5Mb up.
I know I need to upload configs to help troubleshoot, I will not have access to the equipment for another 10 hours and will need to scrub them, then I will provide them.
.
The 555 network at Site B is the main network that re streams multicast/unicast. The 254 network computer sends the stream from the main source to the 555 network. Server on 555 network receives stream and re streams it multicast locally to the 555 network and unicast across the site to site VPN to Site A.
So WS1 (254 VLAN on Catalyst) streams to Server1 (555 VLAN on Catalyst) -Then- Server1 re-streams video multicast to 555 network and unicast over ASA VPN to WS 2@Site A
Both sites I have made sure to create object network LAN and object network REMOTE-LAN. I have ACL at both sites that allows LAN to talk to REMOTE-LAN (I also have ANY ANY while troubleshooting)
I walked through the site to site VPN wizard and selected peer address, local lan and remote lan and did not select the NAT checkbox. I have verified that traffic works across the VPN, I can RDP across the link and access cifs shares.
The problem that we are seeing is a tremendous amount of drop packets with IPERF3 testing. During this time I monitor IKEV1 VPN and see no dropped packets. The video stream we have testing with a config file of 300Kb/10 FPS and also 1500Kb/15 FPS. The video is choppy with grey in it most of the time. We see the packet loss only when we run IPERF3 with anything greater than 1500 so that leads me to believe it is a MTU issue, but we have set in our config file lower fragmentation to help support this and it made no difference.
The other issue I need to resolve is allowing Internet traffic alongside VPN traffic at Site A. I have tried a few configs from the dozens of articles and none seem to work. The most recent config I tried was
nat (inside,outside) source static LAN LAN destination static REMOTE-LAN REMOTE-LAN
but dns doesnot seem to work properly with this. On the 2 WorkStations at Site A I am using dns1 & 2 as the DCs that reside at Site B with a third DNS that is google. I can get to the internet but I cannot resolve internal hosts overthe VPN.
Once all this works, the last piece I have to resolve is allowing remote VPN with cisco anyconnect at Site A and the remote vpn machine needs to be able to hit everything at Site A and B (doesnt need Internet)
I humbly apologize if my thoughts seems scrambled, I tried to recall steps and issues I have been coming across over the last week. As soon as I get to the location I will scrub the configs and post them. I wanted to get an early start with this post in case anyone has ever had the udp packet loss issue over a vpn.
Thanks for any help that can be provided!
