Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1006
Views
0
Helpful
2
Replies

Internet connection performance drop significantly when using Cisco AnyConnect VPN (macOS)

scgbrown99
Level 1
Level 1

‎07-15-2020 01:32 PM

Hello all,

 

I began working from home due to COVID-19 and my internet connection when connecting to my work via Cisco AnyConnect VPN (v 4.9.00086) cuts downs significantly, which is affecting my ability to host/attend Cisco WebEx calls for work.  I have a MacBook Pro (2019 15-inch) running macOS Catalina (v10.15.4), it is connected via WiFi to my router.  My router at home is an ASUS RT-AC5300 (firmware 3.0.0.4.384_81930).  I have tried both QoS enabled and disabled, and we are not using split tunneling.  

 

Here's my performance (using Ookla Speedtest) without VPN: 16ms ping, 417Mbps down, 32Mbps up

Here's my performance with VPN: 47ms ping, 23Mbps down, 30Mbps up

 

A co-worker in the Networking team had me try changing MTU from configuring automatically to a fixed MTU (1404). This did not improve performance, so I returned back to configuring automatically. 

 

Any other suggestions for me?  Thanks in advance!

 

Regards,

Scott

 

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎07-15-2020 01:42 PM

 

Hi,

What ASA code are you running?

Are you using SSL/TLS or IKEv2?

If using TLS, you should be running a minimum version of 9.10 which supports DTLS 1.2.- DLTS is better performance than TLS.

 

Once connected to the VPN, check to ensure you client has connected by using the command "show vpn-sessiondb detail anyconnect" and ensure you have a DTLS 1.2 tunnel in addtion to the TLS tunnel.

 

Refer to this ASA RAVPN best practice guide.

https://community.cisco.com/t5/security-documents/asa-best-practices-for-remote-access-vpn-performance/ta-p/4070579#toc-hId-339712844

0 Helpful

scgbrown99
Level 1
Level 1
In response to Rob Ingram

‎07-15-2020 02:08 PM

Thanks for your quick reply. I’m providing answers sent to me from our VPN Network Engineer:

ASA Code: v9.12(3)12 (we have a Firepower4120 running ASA code)

Listed below are more details from ASA (I’ve X’d out sensitive info):

Username : XXXXXXX Index : 178218

Assigned IP : XX.X.X.XX Public IP : XXX.XXX.XX.XXX

Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel

License : AnyConnect Premium

Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES-GCM-256 DTLS-Tunnel: (1)AES-GCM-256

Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA384 DTLS-Tunnel: (1)SHA384

Bytes Tx : 129362055 Bytes Rx : 70870689

Pkts Tx : 242353 Pkts Rx : 135763

Pkts Tx Drop : 36 Pkts Rx Drop : 0

Group Policy : XXXX Remote Access Grp Policy ISE

Tunnel Group : XXXX Remote Access - ISE

Login Time : 13:24:16 PDT Wed Jul 15 2020

Duration : 0h:27m:22s

Inactivity : 0h:00m:00s

VLAN Mapping : N/A VLAN : none

Audt Sess ID : 984ffa172b82a0005f0f65f0

Security Grp : none


AnyConnect-Parent Tunnels: 1

SSL-Tunnel Tunnels: 1

DTLS-Tunnel Tunnels: 1


Thanks again for any guidance!
0 Helpful
Customers Also Viewed These Support Documents