cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
670
Views
10
Helpful
4
Replies

remote access overhead

suthomas1
Level 6
Level 6

Good day all,

 

when over vpn connecting to my work, i experience drop in my internet throughput. 

My 100Mbps connection usually gives me around 75Mbps when not over vpn. However over vpn...it fluctuates between15-20Mbps. We do not have any bw control for vpn in our infrastructure.

 

Please suggest the possible causes.

 

thanks in advance.

4 Replies 4

@suthomas1 well it depends on a number of things, such as the crypto performance of your hardware device and the protocol (i.e. TLS or DTLS or IPSec) you are using. To get the best performance, use DTLS 1.2 and AnyConnect 4.7+ (ideally the latest version 4.10).

Milos_Jovanovic
VIP Alumni
VIP Alumni

Hi @suthomas1,

Next to what @Rob Ingram already mentioned, I would start with checking if DTLS is enabled at all. I had couple of cases in which users complained about poor performance over VPN, which was direct consequence of DTLS being disabled/filtered on their network.

You should check this on your VPN device, by using 'show vpn-sessiondb detail anyconnect', and look for DTLS.

BR,

Milos

suthomas1
Level 6
Level 6

Thanks for the reply.

In our case, dtls is enabled for all and the throughput difference is not occuring for everyone. This creates a tricky situation to pinpoint the issue. 

@suthomas1 if the performance varies between users, determine if the users are using different versions of AnyConnect, potentially some users are using an old version?

 

In some instances ISPs may block udp/443 (which is DTLS), so therefore the user would be using TLS (tcp/443) which is slower. Check the output of "show vpn-sessiondb detail anyconnect" to determine whether the users with poor performance have established a DTLS tunnel in the first place.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: