Showing results for 
Search instead for 
Did you mean: 

experincing slowness to access application servers with SSLVPN

Hi Experts,

I have issue with SSLVPN . details explaination is as below :

We have main office(Data Center )  in US ( Texas ) and service center in India from where we support globally. we one one third party client who is sitting in india ( Not in service center but different location ( city or office ) .

The clients who are sitting at different location , they connect to SSLVPN from there own network and they access our office application servers or intranet.

currently they are facing issue with slowness when they try to access any application through SSLVPN.

Could anyone suggest for doing workaround for mentioned issue ?

As of now , I checked utilization of our MPLS cloud link which is very low ( 10mps - only 2mps utilization. ) Secondly i asked user to tracert the the destination ip .

If you could give some idea about workaround , it would be great help for me to dig out the issue.

Thanks in advance.


experincing slowness to access application servers with SSLVPN

Hi Vinod,

Datagram Transport Layer Security (DTLS) avoids  latency and bandwidth problems associated with some SSL-only  connections, including AnyConnect connections, and improves the  performance of real-time applications that are sensitive to packet  delays. DTLS allows the AnyConnect client that establishes an SSL VPN  connection to use two simultaneous tunnels, an SSL tunnel and a DTLS  tunnel.

If you use DTLS, it avoids latency and bandwidth problems associated  with some SSL connections and improves the performance of real-time  applications that are sensitive to packet delays. DTLS is a  standards-based SSL protocol that provides a low-latency data path that  uses UDP. DTLS can be enabled with the svc dtls enable command, as shown:

hostname(config)#group-policy sales attributes


hostname(config-group-webvpn)#svc dtls enable

Also, if you disable compression and df-bit-ignore, latency and bandwidth problems are reduced. df-bit-ignore can be enabled and compression can be disabled as shown here:

hostname(config)#group-policy  attributes
hostname(config-group-webvpn)#svc df-bit-ignore enable
hostname(config-group-webvpn)#svc routing-filtering-ignore enable
hostname(config-group-webvpn)#svc mtu 1200
hostname(config-group-webvpn)#svc compression none

Also, modifying outside ACLs on ASA to allow UDP port 443 will resolve the latency issue.

Hope this helps,