03-16-2017 04:46 AM
We are operating a point to point vpn link between 2 sites of a corporate LAN.
Each site has 75/15 mb cable Ethernet connection behind an ASA 5506-X.
Internet speeds are fine and near rated speeds at each location.
However, file access is very slow when getting files from the other site over the vpn link. When transferring large files it is slow to start and a little slow on transfer. When doing multiple small files it slows to a crawl.
example of slowdown:
save to Microsoft onedrive = 45 seconds
save across vpn = 4 minutes
Questions:
1. Is this possibly limited by the performance of the ASA 5506-X? It is lightly loaded as far as users and the slowdown is there even when only 1 person is transferring data.
2. Could a change in settings on the ASA 5506-X improve performance?
3. Is a faster ASA the answer?
Any thoughts or suggestions appreciated.
03-20-2017 11:39 AM
The 5506X is a perfectly good device for the bandwidth you are dealing with. You have a 75/15 so the maximum throughput you can ever expect on your VPN is 15 mbps. Since you have a next gen firewall, one can expect you are using Sourcefire IPS. Even with IPS inspection in path your 5506X is capable of over 100 mbps throughput.
So you don't need a new ASA.
It would be interesting to look at the ping times between the host and server across the VPN and the ping times to the Microsoft Onedrive. Are they significantly skewed?
RTT (round trip time) and TCP window size determine the max theoretical throughput between hosts in a TCP conversation.
03-20-2017 12:23 PM
"It would be interesting to look at the ping times between the host and server across the VPN and the ping times to the Microsoft Onedrive. Are they significantly skewed?"
ping to onedrive.live.com =
Ping statistics for 204.79.197.217:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 22ms, Average = 16ms
ping to server=
Ping statistics for 192.168.100.150:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 31ms, Average = 27ms
If this would be helpful:
03-20-2017 12:41 PM
Well, the differences are not that large. Onedrive is 10ms faster but even at 24ms RTT with a 64K TCP window size you should be capable of achieving in excess of your 15 mbps up link speed.
Note that PSPing shows a max throughput of 2.52 MB/s. I'm reading that as MegaBytes, so times that by 8 gives us around 20 mbps per second.
That indicates that your VPN network is performing better than it should (you have a 15 mbps upload limit).
You could also set up an FTP server on one side of the link and an FTP client on the other. Try an FTP get/put of a large file and see what the throughput is on that file transfer...
So far it looks like the VPN network is performing well.
BTW, thanks for the pointer to PSPing (never seen that before).
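The RTT and TCP window reasoning in the replies above, worked through on the ping figures quoted in the thread. This is an added example, not code from any of the posters; it assumes a single TCP stream, no window scaling, and "64K" taken as 65536 bytes.

```python
import re

# Constructed sample input: the two Windows ping summaries quoted in the thread.
PING_OUTPUT = """\
Ping statistics for 204.79.197.217:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 22ms, Average = 16ms
Ping statistics for 192.168.100.150:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 31ms, Average = 27ms
"""

UPLINK_MBPS = 15          # upload side of the 75/15 links, from the thread
WINDOW_BYTES = 64 * 1024  # "64K TCP window", taken as 65536 bytes (assumption)

BLOCK = re.compile(
    r"Ping statistics for (?P<host>[\d.]+):.*?"
    r"Lost = (?P<lost>\d+).*?"
    r"Minimum = (?P<min>\d+)ms, Maximum = (?P<max>\d+)ms, Average = (?P<avg>\d+)ms",
    re.S,
)

def parse_ping(text):
    """Return {host: {'lost', 'min', 'max', 'avg'}} from Windows ping summaries."""
    return {m["host"]: {k: int(m[k]) for k in ("lost", "min", "max", "avg")}
            for m in BLOCK.finditer(text)}

def window_ceiling_mbps(rtt_ms, window_bytes=WINDOW_BYTES):
    """Max throughput of one TCP stream: at most one window per round trip."""
    return window_bytes * 8 / (rtt_ms / 1000) / 1e6

def window_to_fill_link(rtt_ms, link_mbps=UPLINK_MBPS):
    """Bandwidth-delay product in bytes: the window needed to saturate the link."""
    return int(link_mbps * 1e6 / 8 * rtt_ms / 1000)

def report(text):
    """Per host: (host, avg RTT, ceiling at avg RTT, BDP at worst RTT, window OK?)."""
    rows = []
    for host, s in parse_ping(text).items():
        worst = window_ceiling_mbps(s["max"])  # ceiling at the worst observed RTT
        rows.append((host, s["avg"], round(window_ceiling_mbps(s["avg"]), 1),
                     window_to_fill_link(s["max"]), worst >= UPLINK_MBPS))
    return rows

if __name__ == "__main__":
    for host, avg, mbps, bdp, ok in report(PING_OUTPUT):
        print(f"{host}: avg {avg} ms, window ceiling {mbps} Mbps, "
              f"BDP {bdp} bytes, window not the bottleneck: {ok}")
```

Even at the worst RTT measured across the VPN, the 64K window ceiling stays above the 15 mbps uplink, which matches the reply's conclusion that the tunnel itself is not what limits a single large transfer.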
03-21-2017 04:35 AM
I ran into a similar issue.
Check your logs and look for "Dropped UDP DNS reply". If you are seeing this between the two endpoints then have a look at your inspect maps, and set the
http://www.802101.com/poor-asa-site-to-site-vpn-performance-it-could-be-dns/