06-09-2011 02:00 AM
Hello
I got a stange vpn problem, just added a new vpn tunnel to our ASA5510 and then the users report that the traffic through the tunnel is very slow, when I try it myself I get a speed like 50kb/sec to the internal server.
If I use our regular tunnel or any other tunnel the speed is just fine. I´ve added the new tunnel in the same way as the other tunnels, that is thorugh ASDM vpn wizzard.
//Rulif
06-10-2011 05:42 AM
Hi Rulif,
Can you please let us know how you measure the performance / throughput for the IPSec session in question ?
What performance / throughput value do you get with the new remote peer without IPSec ?
In some scenarios, after deploying IPSec, the performance hit may come from fragmentation due to the
ovearhead imposed by the configured ipsec transform set. I can't say if this is the case here, but the following
document has some good pointers on how to check / fix IPSec related fragmentation issues :
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml
Best regards
Istvan
06-12-2011 11:40 PM
Hello Istvan
That sound intresting will check your link there, however I managed to resolv the issue, the user is connecting via vpn to a ms access database and there are many small files that needs to be transferd at login, At fist I only granted the 2 servers that the users needed at their splittunnelinglist. Later I changed it to allow them to access our entire server subnet, class c one then it worked just fine.
So our theory here is that windows needs to "talk" to some speciffic hosts we are not aware of.
//Johan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide