A confusing matter is occuring and here is the scenario:
I have two PIX-515E-R units with a L2L IPSec tunnel established. One of them is in the UK and the other one is in Jordan (Middle East); the Internet link in the UK is super fast but the link in Jordan is only 512Kbps. Everything was running fine till we increased the number of users in the branch office where the tunnel performance got worse. When we PING through the tunnel we get delay figures between 500-1200 mS but when we PINg an extrnal IP (sitting in the same location in the UK) from the same machine in Jordan it ranges between 100-150 mS and this is a big difference.
What I can see is that it's only when we go through the tunnel, the delay figures will shoot very high. The only thing that is coming through my mind is the lack of hardware acceleration on both PIXs but again I contradict with myself since the link is only 512Kbps and the CPU utilisation on both PIXs is never above 10%.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...