
VPN fragmentation issue. Site to Site VPN

Hello community.

I am getting poor performance over a site-to-site VPN. Below is the output from the ASA. One side of the VPN does not have any issues.

I have the following DF configuration on the ASA. Can anyone please share experience to resolve this issue?

crypto ipsec df-bit clear-df outside
crypto ipsec df-bit clear-df inside

IPSEC SA output.

 #pkts encaps: 13851, #pkts encrypt: 13871, #pkts digest: 13871
      #pkts decaps: 16195, #pkts decrypt: 16195, #pkts verify: 16195
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 13852, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 20, #pre-frag failures: 0, #fragments created: 40
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 14
      #TFC rcvd: 0, #TFC sent: 0
      #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 65.156.244.58/0, remote crypto endpt.: 162.247.247.69/0
      path mtu 1500, ipsec overhead 58(36), media mtu 1500
      PMTU time remaining (sec): 0, DF policy: clear-df
      ICMP error validation: disabled, TFC packets: disabled
      current outbound spi: 941D9C14
      current inbound spi : 5E1A6393

Thanks a lot

2 Replies

rvarelac
Level 7

Hi adnan,

Have you tested any connection without the VPN? Maybe doing a port forwarding on one of the endpoints?

Most of the time the problem is associated with the link between the devices and not with the VPN itself.

Hope it helps

-Randy-

It's an operational VPN and works fine; just one side has issues with fragmentation.

I am thinking of adjusting the TCP MSS value but need some input from experienced people to share their experience to fix it.

Thanks
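
Added example, not written by anyone in this thread: Python that parses the IPsec SA counters posted in the question, reports how much traffic is actually being fragmented, and derives the largest TCP MSS that fits the reported path MTU. The function names are hypothetical, and it assumes IPv4 and TCP headers of 20 bytes each (no options) and that "ipsec overhead 58" is the number of bytes added to each packet.

```python
import re

# Counter and MTU lines copied from the IPsec SA output posted in this thread.
SA_OUTPUT = """\
#pkts encaps: 13851, #pkts encrypt: 13871, #pkts digest: 13871
#pkts decaps: 16195, #pkts decrypt: 16195, #pkts verify: 16195
#pre-frag successes: 20, #pre-frag failures: 0, #fragments created: 40
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 14
path mtu 1500, ipsec overhead 58(36), media mtu 1500
"""

IPV4_HEADER = 20  # bytes, assumption: no IP options
TCP_HEADER = 20   # bytes, assumption: no TCP options


def parse_sa(text):
    """Return a dict of the '#name: N' counters plus the MTU fields."""
    stats = {m.group(1).strip(): int(m.group(2))
             for m in re.finditer(r"#([^:#,]+):\s*(\d+)", text)}
    m = re.search(r"path mtu (\d+), ipsec overhead (\d+)\(\d+\), media mtu (\d+)", text)
    if m is None:
        raise ValueError("no 'path mtu' line found in SA output")
    stats["path mtu"] = int(m.group(1))
    stats["ipsec overhead"] = int(m.group(2))
    stats["media mtu"] = int(m.group(3))
    return stats


def pct(part, whole):
    """Percentage that tolerates an SA with no traffic yet."""
    return 100.0 * part / whole if whole else 0.0


def summarize(stats):
    """Fragmentation rates and the sizes that avoid fragmentation."""
    max_inner = stats["path mtu"] - stats["ipsec overhead"]
    return {
        # Outbound packets the ASA had to split before encrypting.
        "prefrag_pct": pct(stats["pre-frag successes"], stats["pkts encaps"]),
        # Inbound packets that arrived as fragments and needed reassembly.
        "reassembly_pct": pct(stats["decapsulated frgs needing reassembly"],
                              stats["pkts decaps"]),
        "max_inner_packet": max_inner,  # largest cleartext IP packet that fits
        "max_tcp_mss": max_inner - IPV4_HEADER - TCP_HEADER,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_sa(SA_OUTPUT)).items():
        print(f"{key}: {value:.2f}" if isinstance(value, float) else f"{key}: {value}")
```

Run against the output from both peers to compare the fragmentation rate on the side that has the problem with the side that does not.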