cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
386
Views
0
Helpful
3
Replies

Hub and Spoke VPN network, very slow inter-site

jacobs_son
Level 1
Level 1

Hello all, hoping someone can give a quick bit of advice...

I have 20 dispersed sites each with 5Mb leased lines, and a central hub site with a 100Mb uplink to a top tier service provider. All of the remote sites talk to each other through the hub. This is essentially just 20 L2L connections with hairpinning enabled on the outside int of the hub site.

The hub can talk to all sites at 5Mb (upload and download to those sites at 500KB/s), and with a direct tunnel between any 2 of them I get the full 5Mb, but going via the hub site the maximum transfer speed I can achieve is only 100KB/s.

Is this to be expected with the additional encaps/decaps and encrypts/decrypts that going over the 2nd tunnel to reach the destination brings? Or does it sound as though things aren't quite functioning correctly?

All performance figures on the hub firewall look absolutely fine, pretty constant 20% cpu usage and 50% mem usage, no unusual interface statistics etc. All firewalls are ASA5520.

Any thought or suggestion would be greatly appreciated.

James

3 Replies 3

jacobs_son
Level 1
Level 1

Anyone have any experience with this kind of setup, or any idea what the performance impact should be assuming 50ms latency between all remote sites and the hub? I understand that the decryption and encryption on the hub will add some delay, but I wouldn't expect an 80% drop in transfer rate between any 2 remote sites...

I'm at a loss so any thoughts greatly appreciated?

Thanks

Hello,

Is this a DMVPN??

Regards,

Ok so you have 20 L2L and u are doing hairpinnig. I know that the encp/decap -- encap/decap will produce a delay. I don´t know id ASA are the best option for fully meshed VPNs.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: