If you are using TLS for the AnyConnect data session it would be worth changing this over to DTLS. This tends to help with throughput issues. This document also goes over various points to check for performance issues with the AnyConnect:

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215331-anyconnect-implementation-and-performanc.html

 

Some live data below.  The first iperf test is to a subnet on the core switch directly connected to the ASA, the second test is to a subnet that has its gateway on the ASA itself.

Answer 1) ASA5585 -  9.8(4)20

Answer 2) We are using TLS, I will look into DTLS but I do not think that is our issue here.

[hostname1] ➤ iperf3 -c 10.155.146.75 -p 1443 -V
iperf 3.1.5
CYGWIN_NT-10.0-WOW hostname1 3.0.4(0.338/5/3) 2019-03-18 19:35 i686
Control connection MSS 0
Time: Thu, 17 Aug 2023 15:43:12 GMT
Connecting to host 10.155.146.75, port 1443
Cookie: hostname1.1692286992.048566.29a
TCP MSS: 0 (default)
[ 4] local 10.100.251.2 port 63124 connected to 10.155.146.75 port 1443
Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 10 second test
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.02 sec 1.05 MBytes 8.65 Mbits/sec
[ 4] 1.02-2.00 sec 819 KBytes 6.81 Mbits/sec
[ 4] 2.00-3.00 sec 819 KBytes 6.72 Mbits/sec
[ 4] 3.00-4.01 sec 1.29 MBytes 10.7 Mbits/sec
[ 4] 4.01-5.02 sec 1.42 MBytes 11.9 Mbits/sec
[ 4] 5.02-6.01 sec 1.35 MBytes 11.4 Mbits/sec
[ 4] 6.01-7.00 sec 1.48 MBytes 12.5 Mbits/sec
[ 4] 7.00-8.01 sec 1.66 MBytes 13.8 Mbits/sec
[ 4] 8.01-9.00 sec 1.60 MBytes 13.5 Mbits/sec
[ 4] 9.00-10.01 sec 1.48 MBytes 12.3 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
Test Complete. Summary Results:
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.01 sec 12.9 MBytes 10.8 Mbits/sec sender
[ 4] 0.00-10.01 sec 12.7 MBytes 10.7 Mbits/sec receiver
CPU Utilization: local/sender 2.2% (1.4%u/0.8%s), remote/receiver 1.8% (0.2%u/1.6%s)
rcv_tcp_congestion cubic

iperf Done.
✔
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
[hostname1] ➤ iperf3 -c 10.155.136.75 -p 1443 -V
iperf 3.1.5
CYGWIN_NT-10.0-WOW hostname1 3.0.4(0.338/5/3) 2019-03-18 19:35 i686
Control connection MSS 0
Time: Thu, 17 Aug 2023 19:18:03 GMT
Connecting to host 10.155.136.75, port 1443
Cookie: hostname1.1692299883.900613.29a
TCP MSS: 0 (default)
[ 4] local 10.100.250.238 port 49470 connected to 10.155.136.75 port 1443
Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 10 second test
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.01 sec 567 KBytes 4.60 Mbits/sec
[ 4] 1.01-2.00 sec 189 KBytes 1.56 Mbits/sec
[ 4] 2.00-3.00 sec 315 KBytes 2.58 Mbits/sec
[ 4] 3.00-4.00 sec 0.00 Bytes 0.00 bits/sec
[ 4] 4.00-5.01 sec 252 KBytes 2.05 Mbits/sec
[ 4] 5.01-6.01 sec 252 KBytes 2.07 Mbits/sec
[ 4] 6.01-7.02 sec 0.00 Bytes 0.00 bits/sec
[ 4] 7.02-8.02 sec 0.00 Bytes 0.00 bits/sec
[ 4] 8.02-9.01 sec 0.00 Bytes 0.00 bits/sec
[ 4] 9.01-10.00 sec 252 KBytes 2.08 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
Test Complete. Summary Results:
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 1.78 MBytes 1.50 Mbits/sec sender
[ 4] 0.00-10.00 sec 1.66 MBytes 1.39 Mbits/sec receiver
CPU Utilization: local/sender 1.1% (0.3%u/0.8%s), remote/receiver 0.1% (0.0%u/0.0%s)
rcv_tcp_congestion cubic

iperf Done.
✔
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────