I have a customer with a VPN network of ASA5505s running 8.4.x. The Internet circuits are all 100Mb lines and the units have full licences with oodles of memory.
If you do a rsync file copy between two sites performance is about 4-8Mb/s over the VPN. But if you do the rsync from the same local server to the same remote server but over a port forwarded SSH connection (so it is outside of the VPN) then the throughput is 70-80Mb/s (the lines are very lightly loaded).
Same ASAs, same local machines. There is lots of CPU and memory spare in the ASAs when the tests are running. The only difference I can see is that the slow transfer occurs in the VPN tunnel.
There are no physical interface errors, no VPN crypto accelerator listed errors.
Even though I could ping without issue at 1380 bytes (and smaller) outside of the VPN tunnel to the remote ASA I still thought it might be an MTU issue across the VPN but altering 'sysopt tcpmss' makes no difference, nor does fiddling with 'crypto ipsec fragmentation'.
There is nothing listed as a relevant bug on the Cisco TAC website.
Anyone else have any suggestions.