cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1099
Views
4
Helpful
7
Replies

VPN Speed issue

sprocket10
Level 2
Level 2

I am having a speed issue that I cannot determine the cause.

SiteA has a 300Mb leased line with a ASA5516.

Users connect to SiteA with a Anyconnect VPN. SiteA is connected to SiteB via a IPSec tunnel.

If a user downloads a file from SiteA they are getting good download speed of 7MB/s (ie 4Gb in 5 mins). If a file is transferred between SiteA and SiteB the same good transfer speeds are experienced. However if a VPN user tries to download a file from SiteB they experience poor download speeds of under 1MB/s.

I realise that the VPN user is utilising the same leased line for their VPN and the connection between SiteA and SiteB, but the speed difference shouldnt be that dramatic.

7 Replies 7

the overhead of IPSec must calculate here, reduce the MTU.

I have dropped the MTU to 1200 but same issues

the MTU for VPN is 1500 then it pass over the IPSec tunnel, here the drop happened, 

OK 
reduce the MTU of ANyconnect 
and if not work 
try make IPsec fragment the packet 
crypto ipsec df-bit [clear set | copy

@sprocket10 what protocol are you using IPSec or SSL/TLS? If using SSL/TLS you get best performance with DTLS1.2 rather than just using TLS. You would also need AnyConnect 4.7 to support DTLS 1.2, ideally you'd be using the latest anyconnect version.

We are using SSL. From my understanding the ASA 5516 doesnt support DTLS1.2

@sprocket10 ok, correct the 5516 doesn't support DTLS 1.2, IKEv2/IPSec would provide better performance than SSL/TLS would.

RachelGomez161999
Spotlight
Spotlight

If you have a persistent speed issue consider the following troubleshooting steps.


Change servers. 
Change VPN port/protocol. 
Use a wired connection. 
Switch devices. 
Restart your Modem/Router. 
Try WireGuard. 
Temporarily disable local security software. 
Restart your Device.

 

Greeting,

Rachel Gomez