PIX 501 to ISA 2006

Unanswered Question
Aug 4th, 2008

Why is web browsing slower by about 1/2 when go to web thru VPN. When I browse web directly from PIX to Internet I am twice as fast. Could it be MTU settings?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
vshrubow Mon, 08/04/2008 - 12:24

It could be a number of things. First, keep in mind that browsing through a VPN generates twice as much traffic on the external interface because you are sending requests to the PIX, the PIX forwards them to the web site, the web site responds to the PIX, then the PIX forwards the response to you. If your Internet connection is slow, you will definitely notice this additional traffic. If this is your issue, setting up split networking and split DNS should resolve it. (That way, normal Internet traffic will bypass the VPN entirely.)

Second, the VPN encryption/decryption adds overhead to the entire process. What is your PIX's processor utilization like? Is it maxing out? What about your PC's processor utilization?

dhananjoy chowdhury Mon, 08/04/2008 - 13:00

It could be an MTU issue..

Can you check if the packet is being fragmented.

se this command

ping -l 1500 -f a.b.c.d

a.b.c.d is the proxy server IP.


This Discussion