
Slow VPN throughput via Cisco 831

rts-net-support
Level 1

Hello all,

I have the current situation. A remote office has an ADSL connection (6Mbps down, 512kbps up) and we use a Cisco 831 router to establish a site-to-site VPN to our HQ. The connection works fine, VPN as well, we have connectivity between the two sites. My problem is that they can only download with about 1.5Mbps, via the VPN, from the HQ. The upload is fine, they can send for the full 512kbps over the VPN.

We have tested the connection and we can download with 6Mbps from the internet, via the same Cisco router so the connection is fine. Why am I seeing slow throughput via the VPN? There is no limitation on the HQ side where we have a 100Mbps connection.

The config on the Cisco 831 is pretty basic, no rate-limiting, just a crypto map applied to the external interface. The router is acting as a PPPoE client as well, not sure if this impacts on anything.

Any ideas are appreciated.

Thank you,

Stefan

6 Replies

rts-net-support
Level 1

No ideas? Is it something wrong with my setup or is 1.5Mbps the max IPSEC throughput I can get from a Cisco 831?

Clear interface counters with "clear counters". Perform the download test and then issue the "show proc cpu hist" command to look at CPU usage. Then do "show int" and see if you are getting dropped packets. This is only a start but see what that turns up. Maybe there is a CPU bottleneck when it comes to doing encryption. The 831 does have a hardware encryption module, but depending on your VPN setup, it may not be doing all the work and putting some strain on the CPU. Let us know what you find.

I tried what you suggested. Cleared the counters, transferred a file and then looked at the interfaces. No packet drops, nothing weird there.

The "show proc cpu hist" shows a constant 70% CPU usage during the transfer. Is that normal?

70% seems a bit high. Issue the following command and post the output (it will show what crypto engines are in your 831):

show crypto engine brief

Also, have you disabled the hardware engine using the following command at all:

no crypto engine accelerator

Finally, what program are you using to test the throughput? My experience with programs like iperf is that TCP window size tuning can dramatically affect the throughput on these types of connections.

ahmed.badawy
Level 1

Would you send show version on 831?

I need to know the VPN device used at HQ?

The solution to this might be a lot easier than expected, as always. We're investigating with our datacenter ISP, there are indications they use some kind of QoS policies we were not aware of. I'll get back on this if that's the case.