Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

satellite vpns

does anyone have any experience running the vpn client through a satellinte uplink product to a vpn concentrator? for example, when surfing the web thru the satellite service (i.e. direct-way) the speeds are very fast. however , after establishing an vpn tunnel the throughput goes down dramatically. does any one know the ezplanation for this and is there a fix?




Re: satellite vpns

Had the exact same problem. You can try adjusting the MTU. Start at 1400 and work your way down.. I finally got resonable speeds at 1300. It was still very problematic though I have seen here other people use it w/o a problem. We ditched it for an ISDN line after a while anyway.

Community Member

Re: satellite vpns

TCP/IP) can be inefficient using satellite links due to latency created by long transmission path lengths and the noise associated with wireless links. Because geosynchronous satellites are in orbit at 22,300 miles high, there is a very long delay in the up/down link.(on the order of .25 - .50 of a second) Though TCP can be optimized for operation over satellite links to a certain degree, (buffering, proxy, spoofing, etc.) it does not consistently perform well under the full range of varying conditions that are expected to occur when the communications path comprises multiple satellite and terrestrial segments. These conditions include error rates caused by channel noise (not simply network congestion), link asymmetry (different bandwidths in opposing directions), long propagation delays, and interrupted connectivity. TCP was designed to operate in a low-noise environment and, therefore, tends to treat all packet loss as due to network congestion. The normal reaction of the TCP congestion control algorithms to either real congestion or to packet corruption, caused by a high bit error rate on the link, is to throttle back on the packet transmission rate (reduce sliding window).

Also, acknowledgements that are delayed in transmission can force a retransmission of data that has actually been received correctly. Because VPN is an end to end link, as opposed to just say an HTTP best effort connection, it will be slower.

CreatePlease to create content