Strange VPN Problem

ruliffilur · ‎06-09-2011

Hello

I got a stange vpn problem, just added a new vpn tunnel to our ASA5510 and then the users report that the traffic through the tunnel is very slow, when I try it myself I get a speed like 50kb/sec to the internal server.

If I use our regular tunnel or any other tunnel the speed is just fine. I´ve added the new tunnel in the same way as the other tunnels, that is thorugh ASDM vpn wizzard.

//Rulif

Istvan Matyasovszki · ‎06-10-2011

Hi Rulif,

Can you please let us know how you measure the performance / throughput for the IPSec session in question ?

What performance / throughput value do you get with the new remote peer without IPSec ?

In some scenarios, after deploying IPSec, the performance hit may come from fragmentation due to the

ovearhead imposed by the configured ipsec transform set. I can't say if this is the case here, but the following

document has some good pointers on how to check / fix IPSec related fragmentation issues :

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml

Best regards

Istvan

ruliffilur · ‎06-12-2011

Hello Istvan

That sound intresting will check your link there, however I managed to resolv the issue, the user is connecting via vpn to a ms access database and there are many small files that needs to be transferd at login, At fist I only granted the 2 servers that the users needed at their splittunnelinglist. Later I changed it to allow them to access our entire server subnet, class c one then it worked just fine.

So our theory here is that windows needs to "talk" to some speciffic hosts we are not aware of.

//Johan