
Slow VPN

I have six remote sites that use VPN to connect to the main office. I am getting complaints of slowness from each site. When the VPN traffic gets to the main office, it is using a WCCP redirect to Cisco IronPort and then traffic goes to the servers. Any idea what I can do to improve speeds? I have already contacted the ISP to verify we are getting 10Mb up and 100Mb down that we have purchased.

7 Replies

cofee
Level 5

Issues with Latency for VPN Client Traffic

When there are latency issues over a VPN connection, verify the following in order to resolve this:

  1. Verify if the MSS of the packet can be reduced further.

  2. If IPsec/tcp is used instead of IPsec/udp, then configure preserve-vpn-flow.

  3. Re-load the Cisco ASA.

Please visit this link for details:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/81824-common-ipsec-trouble.html#Solution23

Can you post the output of:

show wccp

and

show wccp X service (where X is the service number you have configured)

Also, post the entire config of the ASA; we might be able to see something that can be adjusted...

Here is the sho wccp.  I have redacted the IP number on the Router Identifier.


Global WCCP information:
    Router information:
 Router Identifier:                   XXX.XXX.XXX.XXX
 Protocol Version:                    2.0

    Service Identifier: web-cache
 Number of Cache Engines:             2
 Number of routers:                   1
 Total Packets Redirected:            38978145
 Redirect access-list:                WCCP-REDIRECT
 Total Connections Denied Redirect:   2011
 Total Packets Unassigned:            10
 Group access-list:                   WCCP-GROUP
 Total Messages Denied to Group:      0
 Total Authentication failures:       0
 Total Bypassed Packets Received:     0

Hello,

Who is defined in your access lists for WCCP? Are these the remote sites? It would be best if you could post the config of one of the sites as well, as the problem might be with the configuration there.

'tunnel path-mtu-discovery' --> is that configured on your remote sites?

Here is the config file for the ASA 5505. I will load the config file for the ASA 5515 in a little while.

Here is the config for the ASA 5515

Hello April,

I have looked through your configuration. Is there a specific reason you don't have:

ASA(config)#wccp interface inside service 0 redirect in

and/or

ASA(config)#wccp interface inside service 70 redirect in

configured?

Service 0 redirects HTTP traffic to the Content Engine, Service 70 does the same for HTTPS traffic...