Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2543
Views
0
Helpful
4
Replies

Regarding Transfer speed in Cisco Any Connect

Anil Kumar
Level 1
Level 1

‎12-12-2011 12:01 AM

Hi,

I was trying to check transfer speed from Cisco Any Connect, with only ports opened in firewall 443 & 80 with 1 destination , but to complete data transfer of 50MB file it takes around 40mins, but if all ports are unblocked in Firewall with 1 destination ,it takes only 9mins.

so wanted to know the correct port numbers which needs to be opened to make data transfer speed fast & why this behaviour.

Please somebody help me.

Labels:
0 Helpful
4 Replies 4

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎12-12-2011 03:15 AM

Anil,

Anyconnect will use (!by default!) tcp/443 (TLS) and udp/443 (DTLS). We recommend always using DTLS to ensure better performance.

Marcin

0 Helpful

Anil Kumar
Level 1
Level 1
In response to Marcin Latosiewicz

‎12-12-2011 08:48 PM

thanks for your input, now i could get the required speed, now what  I observed is, on xp machine it takes 8 to 10 mins for 100MB file, & on windows 7 it takes only 2mins, what could be the reason. On windows 7 under registry settings of Cisco Adapter the MTU size was zero, I did the same settings in XP ( MTU to 0 ) & I can't access the network path of cleint machine itself, it throws error network path not found, without any MTU size it works fine.

How to speed up in Xp SP3 machine.

0 Helpful

i.va
Level 3
Level 3
In response to Marcin Latosiewicz

‎01-31-2013 03:41 AM

a customer has confronted me with a similar issue. They are using AnyConnect SSL Clients in their LAN, and noticed a severe performance drop on client side once connected via AnyConnect.  I have set this up in a lab environment to compare LAN performance with AnyConnect SSL performance.

Win7 Client                                                                                                                

AnyConnect                                              ASA5520                                                    Win7 iperf Server

Secure Mobility -----------1Gb LAN---------------- v9.1.1---------------------1Gb LAN--------------------  TCP Window Size 4MB

3.1.02040

The ASA was configured from factory default and there was no traffic passing besides this test. AnyConnect used DTLS, and interface mtu on the ASA was 1500, the AnyConnect mtu was left unmodified, so I suspect the maximum of 1406 bytes was used.

Result:

- While AnyConnect was disconnected, Iperf reported bandwidth usage of about 300Mbps. This was what I was expecting.

- As soon as I was connected via AnyConnect, the bandwidth usage dropped tp about 80Mbps. I expected a slight drop, but not this much.

What causes such decrease in performance? Sure, if connected via the Internet, clients will most likely never notice this, but the customer uses AnyConnect SSL in a Gigabit LAN environment. Could the bottleneck be on the client side? The load and memory usage on the ASA side was very low. I have tried several ASA versions, but they all deliver similar results.

0 Helpful

TechDude
Level 1
Level 1
In response to i.va

‎04-10-2018 10:16 AM

Recently ran into this as well, I have a 1Gbit Enterprise line, on the older 5520 we had I'd seen 80-100 in/egress, upgraded to a 5525-x and I get 300/300

 

The firewalls via anyconenct or ipsec have a max throughput, on a 5555-x I tested i was getting roughly 600/600

 

 

0 Helpful
Customers Also Viewed These Support Documents