Cisco AnyConnect - slow file transfer

a.davis · ‎07-06-2020

Hi,

I have a Cisco ASA 5516-X with AnyConnect Premium. My home network is around 120 Mbps download and 20 Mbps upload and in the office we have a 200 Mbps leased line but whenever I download or upload a file to the server my transfer speed tends to be between 1-5 Mbps.

Any ideas on how to improve network performance?

Rob Ingram · ‎07-06-2020

Hi

Are you using an IPsec or SSL/TLS VPN? If using TLS ensure you are using DTLS 1.2, instead of just TLS. You will need to be running ASA version 9.10 or greater and Anyconnect 4.7 or greater to use DTLS 1.2.

Refer to the link below for additional ASA RAVPN best practices

https://community.cisco.com/t5/security-documents/asa-best-practices-for-remote-access-vpn-performance/ta-p/4070579

HTH

a.davis · ‎07-07-2020

We are currently using IKEv2 IPsec with ASA version 9.5 and AnyConnect 4.3

Rob Ingram · ‎07-07-2020

Did you read the guide? It has a troubleshooting section, run those commands and provide the output for review.

Your ASA and AnyConnect versions are outdated, consider updating ASA to at least 9.12 and AnyConnect to 4.8/4.9

Marvin Rhoads · ‎07-08-2020

IKEv2 IPsec will be slower than DTLS 1.2. The latter uses connectionless UDP over port 443.

Still, you should be able to achieve > 5 Mbps you're observing. But there are so many factors at work it's hard to say which is slowing things down. Everything from your home network (wired vs WiFi), other users on your networks, your ISP, your company's ISP, etc. can affect this.

l-mathews · ‎06-02-2021

I have similar problem. I was told DTLS 1.2 is not supported on ASA 5516. Is this true? My ASA is 9.12 and Anyconnect is 4.7 Is this true?

Rob Ingram · ‎06-02-2021

@l-mathews

Yes, it is true - DTLS 1.2 is NOT supported on the ASA 5506, 5508 and 5516 hardware.

Reference:-

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn63389/?rfs=iqvred

https://community.cisco.com/t5/security-documents/asa-best-practices-for-remote-access-vpn-performance/ta-p/4070579