VPN slow via wireless

Unanswered Question
Jul 28th, 2009

I have remote users set up with WPA on Linksys wireless routers who use the VPN client to connect to an ASA5510. When they connect to the ASA via a wireless connection (with excellent signal strength), the results are unstable, meaning some can connect and have no issues and others have slowness. When I have the affected users connect to the router with an Eth cable, it's all good. I know the WPA adds some overhead, but is there some other explanation?

a-vazquez Mon, 08/03/2009 - 06:11

I got some details on wireless not supporting ESP protocols. Most wireless devices do not like to handle the ESP packets. The problem you are running into is that the ESP packets are not being fragmented when they are going through the wireless device. Hence the packets are being dropped. The first step to setting up VPN is to accommodate for the use of the IP Security (IPSec) technology, which is incorporated within the VPN technology. IPSec uses encryption technology to provide data confidentiality, integrity, and authenticity between participating peers in a private network.


IPSec defines a new set of headers that are added to IP datagrams. These headers are placed after the IP header and before the Layer 4 protocol (typically Transmission Control Protocol [TCP] or User Datagram Protocol [UDP]). The result is that the packets go from the local network where the PC is installed through to the internet. These packets are a larger size than non-encrypted packets. The increased size can cause problems to the devices expecting normal size packets, since the receiving devices see them as oversized packets.

1. Try to use IPSEC over UDP for the VPN client on his wireless and all is well.

You can also try this option; it works :-)

2. Reduce the MTU size

Adjusting the MTU

In order to avoid receiving devices perceiving the packets as oversized, you must adjust the size of the Maximum Transmission Unit (MTU) on the PC/host side. Adjust the total maximum size that the packet can take so that it does not exceed the normal size of a non-encrypted Ethernet packet. VPN applications typically provide the option of customizing the MTU size.

Follow these steps to adjust the MTU in a Cisco Systems VPN client within Microsoft Windows.

Click Start.

Click Programs.

From the Program Group Cisco Systems VPN Client, select Set MTU.


Select the wireless client adapter that you are using to connect to your Base Station unit (in this case Local Area Connection 3).

In MTU Options select 1400. This causes your PC to transmit packets with 1400 bytes as the maximum. Therefore, the additional IPSec header is accommodated without exceeding the 1518 byte normal maximum size of an Ethernet packet.
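
The size arithmetic behind the 1400-byte setting, as an added example that is not part of the original reply: it computes the on-the-wire size of an ESP tunnel-mode packet (RFC 4303 layout) and the largest inner packet that still fits the link. The cipher and integrity transforms, the 8-byte UDP encapsulation header and the 1500-byte IP MTU are assumptions, not values taken from the poster's ASA or clients.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 packet layout).
# Transform parameters are assumptions, not read from any ASA configuration.
from dataclasses import dataclass

OUTER_IP = 20      # outer IPv4 header, no options
UDP_ENCAP = 8      # UDP header when ESP is carried over UDP (assumed)
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)

@dataclass(frozen=True)
class Transform:
    name: str
    block: int   # cipher block size; padding aligns the payload to this
    iv: int      # per-packet IV length
    icv: int     # truncated integrity check value length

AES_SHA1 = Transform("AES-CBC + HMAC-SHA1-96", block=16, iv=16, icv=12)
TDES_SHA1 = Transform("3DES-CBC + HMAC-SHA1-96", block=8, iv=8, icv=12)

def esp_packet_size(inner_len, t, udp=False):
    """On-the-wire IP packet size for an inner packet of inner_len bytes."""
    pad = -(inner_len + ESP_TRAILER) % t.block
    encrypted = inner_len + pad + ESP_TRAILER
    outer = OUTER_IP + (UDP_ENCAP if udp else 0) + ESP_HEADER
    return outer + t.iv + encrypted + t.icv

def max_inner_mtu(link_mtu, t, udp=False):
    """Largest inner packet whose ESP packet still fits in link_mtu."""
    for inner in range(link_mtu, 0, -1):
        if esp_packet_size(inner, t, udp) <= link_mtu:
            return inner
    return 0

if __name__ == "__main__":
    link = 1500  # assumed IP MTU of the path
    for t in (AES_SHA1, TDES_SHA1):
        for udp in (False, True):
            for inner in (1500, 1400):
                size = esp_packet_size(inner, t, udp)
                verdict = "fits" if size <= link else "needs fragmentation"
                print(f"{t.name:24} udp={udp!s:5} inner={inner} -> {size} ({verdict})")
            print(f"{'':24} largest inner packet: {max_inner_mtu(link, t, udp)}")
```

Under these assumptions a full 1500-byte inner packet grows to 1560 bytes and must be fragmented, while a 1400-byte one stays at or below 1472 bytes even with UDP encapsulation.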

