05-02-2016 01:43 AM - edited 03-12-2019 12:41 AM
Hi Peeps,
we are facing slowness issue between Ipsec Tunnel we are using ASA 5520 and ASA 5515-x But when ever we are trying to access customer end Application ,it takes too much time to open and even when i put ping test to remote end IPs first 2 mins getting Request Time Out.
But the same application we are able to access without slowness using remote VPN
can you please suggest me what are the causes ?
Solved! Go to Solution.
05-02-2016 03:53 AM
Hi Shiva,
There are many reasons that can lead to this but most of the times it could be related to fragmentation issues.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82444-fragmentation.html?referring_site=RE&pos=2&page=http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/vspa/configuration/guide/ivmsw_book/ivmvpnb.html
http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html
Also you can check the logs on the ASA when you test this traffic, do you see any kind of drops in sh cry ipsec
Regards,
Aditya
Please rate helpful posts.
05-02-2016 03:53 AM
Hi Shiva,
There are many reasons that can lead to this but most of the times it could be related to fragmentation issues.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82444-fragmentation.html?referring_site=RE&pos=2&page=http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/vspa/configuration/guide/ivmsw_book/ivmvpnb.html
http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html
Also you can check the logs on the ASA when you test this traffic, do you see any kind of drops in sh cry ipsec
Regards,
Aditya
Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide