I have a DMVPN AES/GRE IPSec VPN setup between a 2811 router at my remote site and a 2851 router at my host site. The ethernet ports on each router connect to a wireless network that has 54 Mbits of capacity.
The problem I am having is that my encrypted traffic is only flowing at a fraction of that speed. I'm getting on average 3 Mbits from the 2851 to the 2811 and 10 Mbits from the 2811 to the 2851.
What could be causing this slowdown? A couple thoughts are coming to mind.
1. MTU Issues: My MTU's for the ethernet ports are at 1500 byte MTU's, and my tunnel interfaces have MTU's of 1514 bytes and ip mtu 1400 bytes set under the tunnel interface. According to what I have been reading 1400 byte packet sizes are best for performance but I am not sure if just the ip mtu of 1400 is all I need to acomplish this?
2. VPN Accellerator needed? Would it help if I add a AIM-VPN/SSL-2 or a AIM-VPN/EP II-PLUS module to these 2 routers? According to the info I have seen I should be able to push 55 Mbits/sec over a vpn tunnel even without an AIM module, but I am getting nowhere near this amount.
How can I make sure I am sending optimal 1400 byte packets over this VPN connection?
I do notice my CPU spiking on the 2811 when I saturate the VPN tunnel using the ttcp command to send packets between the two routers.
What do you think?