we've got a vpn-tunnel established between two 2621 Routers and have the AIM/BP Encryption Card installed. It work's, but the Performance is not quite what we expected. We've got Windows 2000 and Windows NT Servers on one tunnel-end, and the Performance of the NT Server is only about 1/3 of the Windows 2000.
Has anyone got any hints about tuning my VPN ?
Would it make a difference changing from §DES to DES ?
What is the best tcp/ip packet size for my tunnel ?
So youre getting better performance across the VPN with Windows 2000 vs. NT? This may have nothing to do with the VPN. Have you timed large ping packets across the tunnel from both machines to compare? I know there will be some performance loss with 3DES over DES but 3DES is far more secure. 3DES performance with hardware acceleration, 1400 byte packets is rated at about 6 Mpbs according to this grid http://www.cisco.com/cpropart/salestools/cc/so/neso/vpn/vpne/s2sdes.htm#xtocid229320
we still haven't solved our problem with the perfomance. Cisco told us to turn off "fast-switching-mode" on the LAN Side of the tunnel, but this cut our performance overall by 50%. According to Cisco the VPN encyption card should be doing 6MBit, how much performance do you get (we get about 300-400KByte on av., compared to the theoretical 768KByte).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...