Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
941
Views
0
Helpful
0
Replies

Cisco AnyConnect very slow RDP file transfer

Robin Olofsson
Level 1
Level 1

‎07-08-2020 06:18 AM - edited ‎07-08-2020 06:22 AM

Hi guys,

 

We have a ASA5506 active/standby setup with Cisco AnyConnect.

We experience really slow file transfer between local drive and RDS server when we copy files from the redirected drive within the RDP session.

 

If I copy the file directly from local computer to server (UNC path) we don't have this issue.

 

currently I've disabled DTLS and running TLSv1.2 (5506 does not support DTLSv1.2?)
With DTLS enabled also file transfers through UNC path gets extremly slow.
With TLSv1.2 we get results around 80-90mbit/s.

I've done some testing with different MTU size also.

 

For test I did a port forward to one of the RDS servers and allowed our WAN IP.

when we RDP through the ASA without AnyConnect, RDP File Transfer speed is 100-120mbps, I understand we will loose bandwith with AnyConnect encryption but not down to 0-1mbps as we experience now ..

 

I've pasted our anyconnect config below.

any help is appreciated, thank you!

 

 

ASA version: 9.13(1) 

Cisco AnyConnect version: 4.9.00086

!

ssl server-version tlsv1.2

!

webvpn
enable outside
http-headers
hsts-server
enable
max-age 31536000
include-sub-domains
no preload
hsts-client
enable
x-content-type-options
x-xss-protection
content-security-policy
anyconnect image disk0:/anyconnect-win-4.9.00086-webdeploy-k9.pkg 1
anyconnect profiles VPN_PROFILE disk0:/VPN_PROFILE.xml
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable

!

group-policy DfltGrpPolicy attributes
webvpn
anyconnect ssl dtls none
anyconnect mtu 1280

!

group-policy GroupPolicy_anyconnect internal
group-policy GroupPolicy_anyconnect attributes
wins-server none
dns-server value *
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
default-domain value *
webvpn
anyconnect modules value vpngina
anyconnect profiles value VPN_PROFILE type user

!

tunnel-group anyconnect type remote-access
tunnel-group anyconnect general-attributes
address-pool vpn-ip-pool
authentication-server-group RADIUS
default-group-policy GroupPolicy_anyconnect
password-management
tunnel-group anyconnect webvpn-attributes
group-alias * enable

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents