Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1919
Views
0
Helpful
6
Replies

IPsec Site-to-Site help

Chris Gabel
Level 1
Level 1

‎04-30-2018 10:33 AM - edited ‎03-12-2019 05:14 AM

Hi Experts, Looking for some help with my IPSec site-to-site VPN. The VPN connection is up and active, I can ping between my sites and share files however it's very very slow. Browsing and opening files are almost impossible. Both sides are Cisco 2911 routers, both internet connections are from the same Telco, same speed as well, 150 down 20 up. Connection to the internet from each site is working as expected. I've been troubleshooting for a few days now but I'm stumped. The only errors I'm running into is a send error or two on each side of the tunnel as you can see with show crypto ipsec sa.
Labels:
Preview file
15 KB
Preview file
16 KB
Preview file
16 KB
0 Helpful
6 Replies 6

Marius Gunnerud
VIP
VIP

‎05-01-2018 06:32 AM

How much throughput do you have over the site to site VPN?  The 2911 only supports up to a maximum of 170Mbps

 

You could also try adjusting the MTU on the VPN interface to 1300 at both ends of the VPN. Perhaps it is the overhead that is causing issues.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Chris Gabel
Level 1
Level 1
In response to Marius Gunnerud

‎05-01-2018 08:09 AM

To be honest I would be fine if I was getting even a few Mbps over the tunnel but I'm not even getting that. I set up an FTP server/client over the tunnel and it can barely make 30KB/s during transfer. 

NTFS file browsing works sorta.. takes time to load small images or documents.

 

 

0 Helpful

Chris Gabel
Level 1
Level 1
In response to Chris Gabel

‎05-02-2018 11:56 AM

I tried setting the ip tcp adjust mss value to 1200 with no difference in transfer speeds.

 

I set up Wireshark on one side of the tunnel and send a file over ftp for a packet capture.

As soon as the file transfer starts I'm getting a ton of TCP Dup ACK. I'm guessing this is the issue.

 

Does anyone have any thoughts? I seem to be getting a lot of Duplicate transmissions and I'm not sure why.

 

 

 

 

Preview file
150 KB
0 Helpful

Marius Gunnerud
VIP
VIP
In response to Chris Gabel

‎05-02-2018 01:28 PM

Is it just file transfer that is slow or everything else also?  how large is the file you are transfering?

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Chris Gabel
Level 1
Level 1
In response to Marius Gunnerud

‎05-02-2018 01:55 PM - edited ‎05-02-2018 01:59 PM

I've tried different sized files but most of them are in the 7-300MB range.

It's slow with everything, the users have a shared folder location on the other side of the tunnel and browsing it is painful. Opening an image that's 9kb can take 16 + seconds. Word and pdf documents are way slower depending on the size. Everything eventually opens though.

 

For testing:

I disconnected the tunnel and connected my server with a client-server IPsec VPN to the same router on the other end of the tunnel and it works great. Speeds are perfect. I connect to each site separately using this VPN and it works great for me too. 

 

 

0 Helpful

Chris Gabel
Level 1
Level 1
In response to Chris Gabel

‎05-08-2018 09:21 AM

Still working on this fix.. I have the users connecting using the client->Server Ipsec client currently but it's not an ideal solution.

 

I will continue to troubleshoot.

 

 

0 Helpful
Customers Also Viewed These Support Documents