Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to Site VPN speed issues

All, I have set up a site to site VPN with a remote office, the remote office has a 501 and my site has a 515. The tunnel works fine, however my users in the remote office complain about the speed...we have a leased line of 2mb the remote site is in a serviced office that has a 2mb leased line, however this pipe is shared between about 10 other companies (thats your first issue I hear you say) Is there anything I can do about the speed through the tunnel other than get the remote site to have dedicated links just for them? i.e is there any issues with a 501 talking to a 515 or can I set an MTU somewhere? I have set the encryptionto be triple DES which i know has an overhead, but for security's sake I dont want to go any lower than that....has anyone any suggestions.....thanks


Re: Site to Site VPN speed issues

What does mean slow speed???Users should understand that VPN is not simply LAN so if they trying open large files it is slow

Can you ping form one side to other (when is no huge traffic on VPN) and tell us what is round trip in ms?????

Also 501 is SOHO device and it hasnt so great performance like 515 or some 1700, 1800 routers


Re: Site to Site VPN speed issues


you might want to try and set the MTU size on your interfaces to 1350, and see if that makes a difference. You can use the global command:

mtu outside 1350

mtu inside 1350



New Member

Re: Site to Site VPN speed issues


i think I read somewhere that the PIX 501 has the encyption speed of 340kb/s, so.....

Also it could be a MTU and "ICMP need fragment issue". Make a sniff on the user side whether they are getting "ICMP need frament packet".Did you set up the MTU for the IPsec tunnel? If not, set it to something like 1300 to see whether it helps.

IPSec/3DES overhead is about 56 bytes per packet, so it is not so bad...