08-09-2022 04:54 AM
I am having a speed issue that I cannot determine the cause.
SiteA has a 300Mb leased line with a ASA5516.
Users connect to SiteA with a Anyconnect VPN. SiteA is connected to SiteB via a IPSec tunnel.
If a user downloads a file from SiteA they are getting good download speed of 7MB/s (ie 4Gb in 5 mins). If a file is transferred between SiteA and SiteB the same good transfer speeds are experienced. However if a VPN user tries to download a file from SiteB they experience poor download speeds of under 1MB/s.
I realise that the VPN user is utilising the same leased line for their VPN and the connection between SiteA and SiteB, but the speed difference shouldnt be that dramatic.
08-09-2022 05:16 AM
the overhead of IPSec must calculate here, reduce the MTU.
08-09-2022 08:15 AM
I have dropped the MTU to 1200 but same issues
08-09-2022 09:39 AM
the MTU for VPN is 1500 then it pass over the IPSec tunnel, here the drop happened,
OK
reduce the MTU of ANyconnect
and if not work
try make IPsec fragment the packet
crypto ipsec df-bit [clear | set | copy]
08-09-2022 10:00 AM
@sprocket10 what protocol are you using IPSec or SSL/TLS? If using SSL/TLS you get best performance with DTLS1.2 rather than just using TLS. You would also need AnyConnect 4.7 to support DTLS 1.2, ideally you'd be using the latest anyconnect version.
08-10-2022 01:42 AM
We are using SSL. From my understanding the ASA 5516 doesnt support DTLS1.2
08-10-2022 01:55 AM
@sprocket10 ok, correct the 5516 doesn't support DTLS 1.2, IKEv2/IPSec would provide better performance than SSL/TLS would.
08-15-2022 11:29 PM
If you have a persistent speed issue consider the following troubleshooting steps.
Change servers.
Change VPN port/protocol.
Use a wired connection.
Switch devices.
Restart your Modem/Router.
Try WireGuard.
Temporarily disable local security software.
Restart your Device.
Greeting,
Rachel Gomez
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide