cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
645
Views
0
Helpful
0
Replies

Degraded VPN Experience

Justin Westover
Level 1
Level 1

We are having a strange problem that I can't seem to diagnoise with our VPN deployment. We currently have two different firewalls serving two different functions. One is our parimeter firewall that controls ingress and egress traffic to our corporate network and the other firewall is used for VPN (Anyconnect). Within our corporate network we default route out through our parimeter firewall. All web traffic is picked up via WCCP and redirected to our IRONPORT WSA server. This is done by a router prior to reaching our corporate firewall.

All inbound Anyconnect sessions are tunneled (default route tunneling on ASA) to the router adjacent to the ASA used for VPN. This router picks up any outbound (towards the Internet) traffic on port 443 or 80 and redirects via WCCP to IRONPORT. The problem I see (any many others) is the speed once connected to VPN is extremely degraded. Speedtests out to the Internet show roughly 2Mbs even with your slowest circuit is 50Mbps. For example, I'm not on VPN and go through a speed test, I get somewhere around 50Mb download, when i'm on the corporate LAN and go through a speedtest, our cicruit is 100Mbps so I get around 95-100Mbps as you would expect. However, when I'm at home and I connect to VPN using my 50Mbps connection, my speedtest drops from 50 to around 1-2Mbps -- No good!

It is important to not that I have taken WCCP and ironport out of the equation and I maintain the same horrible speeds. I have checked errors on interfaces I have captured via wireshark and googled but nothing really points me to anything definative. it is also important to note that my VPN connection comes in on one ASA, but leaves the network on a different ASA. The reply traffic return via the parimeter firewall then returns to me on the VPN firewall. Any thoughts or clues on what could be causing this problem?

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: