
problem with remote access vpn

prashantrecon
Level 1

Hi All,

I am facing slow connectivity issues when connected to the remote access VPN.

I am able to RDP to the server; initially it works fine, but once I execute some queries or commands it freezes.

Speed is also good. When I ping the far-end peer IP from a Windows machine, it displays "packet needs to be fragmented but DF set".

Shall I change the tcp-mss value? If I do, does it have any reverse effect on other traffic?


I would suggest trying to change the MSS to something like 1400

ip tcp adjust-mss 1400

--
Please remember to select a correct answer and rate helpful posts

Thanks. Thus it has reverse impact on other traffic.

What impact does the reverse traffic experience?

--
Please remember to select a correct answer and rate helpful posts

Hi

With the current MSS settings (1480) it works fine when there is no traffic load on the network.

During the peak working hours users start facing a slowness problem.

Currently I have prioritized traffic with max bandwidth.

Have you tried lowering the MTU? Lower it to 1200.

--
Please remember to select a correct answer and rate helpful posts

Currently it is set to 1500. I will check and let you know.

Thanks for your guidance

No luck. Are there any other parameters that need to be checked?

Hi,

Below are my inputs.

1. Users can easily connect to the remote access SSL VPN and RDP to the virtual machine.

Note: On my end we have an ASA firewall and at the far end it is a Juniper firewall.

2. Once they connect to the virtual machine they start executing their work. After every 10 to 15 min their machine suddenly freezes and they cannot even move the mouse. After one minute it becomes normal.

Note: This issue occurs for all users simultaneously connected to that machine at the SAME time.

3. Changed the MSS and MTU values, even shut down the IPS sensor; still no luck.

Hello Prashant,

You told us this is a remote access SSL VPN.

Does the SSL VPN terminate on the ASA or the Juniper box?

Is the Juniper just a pass-through device?

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

The SSL VPN terminates on the Juniper. On our side it is an ASA.

So,

The ASA is just a passthrough device?

I mean a firewall in the path. That's it, right?

My recommendation is to determine the biggest packet you can send through the FW and the Junos box, to find out which one has the MTU problem (also on the local and remote networks).

Run pings from client machines with different sizes and the DF set and determine the PMTU.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
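The DF-ping sweep recommended in the post above can be automated. The following is an added example, not code from the thread: it binary-searches the largest ICMP payload that passes with DF set and derives the path MTU and the matching TCP MSS. The function names, the 548 to 1472 byte search range (path MTU assumed to be at most 1500) and the Windows/Linux `ping` flags used are choices made for this illustration.

```python
import subprocess
import sys

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload):
    """Send one echo request of `payload` bytes with DF set; True on a reply."""
    if sys.platform.startswith("win"):
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), host]
    else:  # Linux iputils syntax
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True).stdout
    # An echo reply line carries "TTL="/"ttl="; a fragmentation error does not.
    return b"ttl=" in out.lower()


def find_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest payload that passes; return path MTU or None."""
    if not probe(low):
        # Even a small probe fails: host unreachable or ICMP filtered,
        # so the sweep cannot say anything about the MTU.
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low + ICMP_OVERHEAD


def mss_for(path_mtu):
    """Largest TCP segment that fits in one unfragmented packet on this path."""
    return path_mtu - TCP_OVERHEAD


if __name__ == "__main__":
    host = sys.argv[1]  # far-end address to test, supplied by the operator
    mtu = find_path_mtu(lambda size: ping_df(host, size))
    if mtu is None:
        print("no reply to small DF ping: ICMP filtered or host unreachable")
    else:
        print(f"path MTU {mtu}, TCP MSS ceiling {mss_for(mtu)}")
```

Run it from a client inside the tunnel and again from outside it; the difference between the two results is the encapsulation overhead on that path.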

Hi

Thanks,

Yes, the firewall is in the path. Ping is blocked from the far-end client machine. It is allowed from my side.

Is there any other way to determine it?

Another thing to add: I have changed it to 1200, but the issue did not resolve; in fact other VPN got affected with a slowness issue.

I see,

Okay, the Cisco recommended value is 1380 when dealing with traffic that will be encapsulated with different headers such as IPsec, GRE, etc.

In our case it is regular TCP (just that it goes encrypted) but no overhead.

Now, all TCP traffic is by default set with the DF value flag so it will not get fragmented.

The other way would be clearing the DF value before the traffic reaches the ASA.

Read the following blog so you can understand what I am talking about and why PMTU is needed here

http://www.networkworld.com/community/blog/mtu-size-issues

Changing the MTU will be needed, buddy, but instead of making it lower it needs to be higher.

Again the best way to approach this would be PMTU but we make sure the application understands the ICMP "Message too big"

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

So the MTU has to be changed for the inside as well as the outside interface.

Currently it is 1500.
