12-05-2016 11:43 AM
I have six remote sites that use vpn to connect to the main office. I am getting complaints of slowness from each site. When the vpn traffic gets to the main office, it using a wccp redirect to Cisco IronPort and then traffic goes to the servers. Any idea what I can do to improve speeds? I have already contacted the ISP to verify we are getting 10Mb up and 100Mb down that we have purchased.
12-07-2016 10:13 PM
Issues with Latency for VPN Client Traffic
When there are latency issues over a VPN connection, verify the following in order to resolve this:
Verify if the MSS of the packet can be reduced further.
If IPsec/tcp is used instead of IPsec/udp, then configure preserve-vpn-flow.
Re-load the Cisco ASA.
please visit this link for details
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html#Solution23
12-09-2016 01:17 AM
Can you post the output of:
show wccp
and
show wccp X service (where X is the service number you have configured)
Also, post the entire config of the ASA, we might be able to see something that can be adjusted...
12-09-2016 06:56 AM
Here is the sho wccp. I have redacted the IP number on the Router Identifier.
Global WCCP information:
Router information:
Router Identifier: XXX.XXX.XXX.XXX
Protocol Version: 2.0
Service Identifier: web-cache
Number of Cache Engines: 2
Number of routers: 1
Total Packets Redirected: 38978145
Redirect access-list: WCCP-REDIRECT
Total Connections Denied Redirect: 2011
Total Packets Unassigned: 10
Group access-list: WCCP-GROUP
Total Messages Denied to Group: 0
Total Authentication failures: 0
Total Bypassed Packets Received: 0
12-09-2016 02:06 PM
Hello,
who is defined in your access lists for WCCP, are these the remote sites ? It would be best if you could post the config of one of the sites as well, as the problem might be with the configuration there.
'tunnel path-mtu-discovery' -->is that configured on your remote sites ?
12-13-2016 11:50 AM
12-14-2016 03:25 PM
12-16-2016 08:45 AM
Hello April,
I have looked through your configuration. Is there a specific reason you don't have:
ASA(config)#wccp interface inside service 0 redirect in
and/or
ASA(config)#wccp interface inside service 70 redirect in
configured ?
Service 0 redirects HTTP traffic to the Content Engine, Service 70 does the same for HTTPS traffic...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide