PIX 515e: VPN only 10% bandwith of the STM1

Unanswered Question
Dec 9th, 2008
User Badges:


there is a VPN-connection between two sites. Both sites are connected with a 155MBit/s line to internet. They use a PIX 515e with IOS 8.0.2 to handel the VPN.

If they transfer a file from one site to the other, the speed is about 1 MByte/s. A second transfer on the same clients has the speed of 1 MByte/s either. 2 MByte/s together. And so on.

I cant find any policies or shaping in the config.

Is this effect a "feature" of 8.0.2?

Can anyone tell?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ddawson Tue, 12/09/2008 - 16:33
User Badges:
  • Bronze, 100 points or more

This sounds like a classic case of the TCP Receive Window (RWIN) being too small and limiting your throughput. TCP throughput is theoretically bounded by the "bandwidth-delay product", which implies that the RWIN of the receiving host has to be at least a large as the bandwidth of the slowest link between the endpoints times the round trip time between the endpoints if you want to use all the available bandwidth with a single TCP connection. If the RWIN is too small you'll get correspondingly slower throughput. The fix is to increase the RWIN on the end systems. The easiest way to do this in Windows is to download a free utility such as "DrTCP" or "TCP Optimizer", but Microsoft has instructions on their support site on how to do it by editing the Registry as well.

marcbujack Wed, 12/10/2008 - 05:12
User Badges:

Thanx for your reply.

I'll test the rwin-setting on the clients.




This Discussion