Solved: slowness between IPsec tunnel and when we are trying to access portals from local network to remote ...

shivaram840 · ‎05-02-2016

Hi Peeps,

we are facing slowness issue between Ipsec Tunnel we are using ASA 5520 and ASA 5515-x But when ever we are trying to access customer end Application ,it takes too much time to open and even when i put ping test to remote end IPs first 2 mins getting Request Time Out.

But the same application we are able to access without slowness using remote VPN

can you please suggest me what are the causes ?

Aditya Ganjoo · ‎05-02-2016

Hi Shiva,

There are many reasons that can lead to this but most of the times it could be related to fragmentation issues.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82444-fragmentation.html?referring_site=RE&pos=2&page=http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/vspa/configuration/guide/ivmsw_book/ivmvpnb.html

http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

Also you can check the logs on the ASA when you test this traffic, do you see any kind of drops in sh cry ipsec sa peer <ip> output ?

Regards,

Aditya

Please rate helpful posts.

View solution in original post

Aditya Ganjoo · ‎05-02-2016