cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
569
Views
0
Helpful
1
Replies

Slow Tunnel Transfer Speed

DStringfield
Level 1
Level 1

Hi all,

We have 3 VPN tunnels running between 3 sites, two with an ASA-5506, one with an ASA-5505 (although the problem is similar between the different models). Despite our internet connections maxing at 400Mbps, and interoffice transfers at reasonable (Windows) speeds, intersite transfers max out at 20Mbps. 

I have read a lot on these community boards in my attempts to fix the issue. My attempts have involved:

  • Changing the MTU on the Interface (values from 1400-1500)
  • Chainging the IKEv2 Fragmentation settings
    • Enable & Disable Fragmentation
    • Setting Fragmentation MTU (values between 1380-1460)
  • Changing the IPSec Prefragmentation Policies settings:
    • Enable/Disabling Pre-Fragmentation
    • Changing the DF-Bit Policy between Clear & Copy

No combination of these has resulted in a speed increase. I'm happy to provide more configs. I mainly use the ASDM to configure these but I can do some CLI if needed. 

I'm sure I'm missing something, please help me to find out what!

Cheers,

David

1 Reply 1

I guess this is a difficult one. Is this just started this behavior recently any changes made on the network. Is there is download going on between these tunnels?

 

you using the firepower module on 5506-x. could be a good start to dig on layer 7 if you using the firepower. what software you running on 5506-X.

 

run wiresharke/ packet capture to check what is the behavour our your traffic.

please do not forget to rate.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: