07-20-2021 04:34 AM
Hello,
I have an HA of 2120 6.6.1 managed by FMC.
I have an issue with a web page
This page is for developers and when they are loading through VPN it takes much more time to load.
From network activity of chrome we saw that it is downloading very slow a .js file
What could I check on the FW to see why it is slow on the VPN?
Thanks and regards,
Konstantinos
07-20-2021 05:04 AM - edited 07-20-2021 05:09 AM
Are you using IPSec or SSL VPN?
What version of AnyConnect are you using?
You get the best performance using AnyConnect 4.8 or newer and DTLS 1.2 or IPSec, if you are using just TLS that might explain the poor performance.
Run the command "show vpn-sessiondb detail anyconnect" to determine what protocol the user has connecting using. Provide the output if necessary.
07-20-2021 05:18 AM
It is RA VPN
I will ask about the anyconnect version
We have DTLS enabled
Thank you for the immediate answer
I will look into and update you
07-20-2021 05:41 AM
> show vpn-sessiondb detail anyconnect filter name Username
Session Type: AnyConnect Detailed
Username : Username Index : 1303
Assigned IP : ip Public IP : ip
Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License : AnyConnect Premium
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES-GCM-256 DTLS-Tunnel: (1)AES-GCM-256
Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA384 DTLS-Tunnel: (1)SHA384
Bytes Tx : 218532081 Bytes Rx : 22080128
Pkts Tx : 362997 Pkts Rx : 332297
Pkts Tx Drop : 0 Pkts Rx Drop : 0
Group Policy : SSLVPNClient Tunnel Group : SSLVPNClient
Login Time : 05:59:27 UTC Tue Jul 20 2021
Duration : 6h:35m:45s
Inactivity : 0h:00m:00s
VLAN Mapping : N/A VLAN : none
Audt Sess ID : c21ef1690051700060f6663f
Security Grp : none Tunnel Zone : 0
AnyConnect-Parent Tunnels: 1
SSL-Tunnel Tunnels: 1
DTLS-Tunnel Tunnels: 1
AnyConnect-Parent:
Tunnel ID : 1303.1
Public IP : ip
Encryption : none Hashing : none
TCP Src Port : 1225 TCP Dst Port : 443
Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes
Client OS : win
Client OS Ver: 10.0.19042
Client Type : AnyConnect
Client Ver : Cisco AnyConnect VPN Agent for Windows 4.9.06037
Bytes Tx : 16499 Bytes Rx : 0
Pkts Tx : 12 Pkts Rx : 0
Pkts Tx Drop : 0 Pkts Rx Drop : 0
SSL-Tunnel:
Tunnel ID : 1303.2
Assigned IP : ip Public IP : ip
Encryption : AES-GCM-256 Hashing : SHA384
Ciphersuite : DHE-RSA-AES256-GCM-SHA384
Encapsulation: TLSv1.2 TCP Src Port : 1232
TCP Dst Port : 443 Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes
Client OS : Windows
Client Type : SSL VPN Client
Client Ver : Cisco AnyConnect VPN Agent for Windows 4.9.06037
Bytes Tx : 16499 Bytes Rx : 312
Pkts Tx : 12 Pkts Rx : 3
Pkts Tx Drop : 0 Pkts Rx Drop : 0
Filter Name : access-list
DTLS-Tunnel:
Tunnel ID : 1303.3
Assigned IP : ip Public IP : ip
Encryption : AES-GCM-256 Hashing : SHA384
Ciphersuite : ECDHE-ECDSA-AES256-GCM-SHA384
Encapsulation: DTLSv1.2 UDP Src Port : 53568
UDP Dst Port : 443 Auth Mode : userPassword
Idle Time Out: 30 Minutes Idle TO Left : 30 Minutes
Client OS : Windows
Client Type : DTLS VPN Client
Client Ver : Cisco AnyConnect VPN Agent for Windows 4.9.06037
Bytes Tx : 218499083 Bytes Rx : 22079816
Pkts Tx : 362973 Pkts Rx : 332294
Pkts Tx Drop : 0 Pkts Rx Drop : 0
Filter Name : access-list
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide