Cisco Support Community
Community Member

PIX 501 to ISA 2006

Why is web browsing slower by about 1/2 when go to web thru VPN. When I browse web directly from PIX to Internet I am twice as fast. Could it be MTU settings?

Community Member

Re: PIX 501 to ISA 2006

It could be a number of things. First, keep in mind that browsing through a VPN generates twice as much traffic on the external interface because you are sending requests to the PIX, the PIX forwards them to the web site, the web site responds to the PIX, then the PIX forwards the response to you. If your Internet connection is slow, you will definitely notice this additional traffic. If this is your issue, setting up split networking and split DNS should resolve it. (That way, normal Internet traffic will bypass the VPN entirely.)

Second, the VPN encryption/decryption adds overhead to the entire process. What is your PIX's processor utilization like? Is it maxing out? What about your PC's processor utilization?

Re: PIX 501 to ISA 2006

It could be an MTU issue..

Can you check if the packet is being fragmented.

se this command

ping -l 1500 -f a.b.c.d

a.b.c.d is the proxy server IP.

CreatePlease to create content