01-17-2019 03:58 AM
Hello,
I am running ASA 9.83 with AnyConnect ver 4.7.00136. Before enabling the Anyconnect I have a throughput of 80 mbit. After enabling the client I'm unable to get more than 20 mbit throughput (sometimes less). I have no IPS or anything on the ASA, it's only running as a VPN concentrator. I have disabled Threat Detection. The MTU is set to 1300, as the AnyConnect-client kept on re-connecting. I tried to increase the MTU to 1462 but no difference in throughput. I checked the config on the ASA, and there's no policy-map or anything to indicate that the ASA should decrease bandwidth for the clients.
Our corporate network has a 1 GB internet-link with 10GB in core. Any idea?
01-17-2019 04:02 AM
you said Thread Dection mean you using firepower on this box? if you check the rules if you have apply?
normally anyconnect does not reduction the bandwidth. have you check the site you connecting from have a good interface speed if you when you connect speed/bandwidth goes down. its only happening to you or all the anyconnect users?
01-17-2019 04:08 AM
Hello,
this ASA is a virtual machine, and it's only running VPN. I disabled Threat Detection just in case it mattered. As of now we're just testing it. Two of the guys only managed to get 10 mbit, I got 20 mbit. When I disconnected the Anyconnect-client I was able to get 80 mbit. I testet both by downloading files from a server and speedtest.net.
01-17-2019 04:26 AM
ASA virtual machine means you using vASA? If that the case you using a license one or just a free one as vASA come up license for bandwidth you have to buy them. That’s is why you not getting a throughput
01-17-2019 11:21 AM
Hello, we have a ASAv50 Standard - 10G License. I checked out the Anyconnect from my home Office and it's the same result; I only get about 25% of my actual bandwitdth when enabling the Anyconnect vpn. This is the same result as when I testet it from Our lab. The other two who testet it has the same result. We been testing from several laptops. I checked out the Cisco One licensing portal, we have two ASAv50 Licenses and currently only using one. Nothing in the debugging that I found so far. Any ideas?
01-17-2019 11:32 AM
just curious if your infrastructure support the 10G connection? you must be runnning the vASA on esxi?
unless if you have a support contract/smart contract with cisco open a TAC case?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: