All, I have set up a site to site VPN with a remote office. The remote office has a 501 and my site has a 515. The tunnel works fine, however my users in the remote office complain about the speed... We have a leased line of 2mb; the remote site is in a serviced office that has a 2mb leased line, however this pipe is shared between about 10 other companies (that's your first issue, I hear you say). Is there anything I can do about the speed through the tunnel other than get the remote site to have dedicated links just for them? I.e. are there any issues with a 501 talking to a 515, or can I set an MTU somewhere? I have set the encryption to be triple DES, which I know has an overhead, but for security's sake I don't want to go any lower than that.... Has anyone any suggestions..... Thanks
I think I read somewhere that the PIX 501 has the encryption speed of 340kb/s, so.....
Also it could be an MTU and "ICMP need fragment" issue. Make a sniff on the user side to see whether they are getting an "ICMP need fragment" packet. Did you set up the MTU for the IPsec tunnel? If not, set it to something like 1300 to see whether it helps.
IPSec/3DES overhead is about 56 bytes per packet, so it is not so bad...
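The capture check suggested above, as an added example that is not part of the original thread: a parser that recognises an ICMP "fragmentation needed" message (type 3, code 4) in a raw IPv4 packet and reports the advertised next-hop MTU and the packet that was too large. The addresses and the sample packet are constructed for illustration.

```python
import struct

def ipv4_header(src, dst, proto, payload_len, df=True):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; constructed sample)."""
    flags_frag = 0x4000 if df else 0          # 0x4000 = Don't Fragment bit
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, flags_frag,
                       64, proto, 0,
                       bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split("."))))

def parse_frag_needed(packet):
    """Return details if packet is ICMP type 3 code 4, otherwise None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8:   # IP protocol 1 = ICMP
        return None
    icmp_type, icmp_code, _cksum, _unused, next_hop_mtu = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, icmp_code) != (3, 4):
        return None
    info = {"reporter": ".".join(map(str, packet[12:16])),
            "next_hop_mtu": next_hop_mtu}
    inner = packet[ihl + 8:]                      # header of the dropped packet
    if len(inner) >= 20:
        info["orig_len"] = struct.unpack("!H", inner[2:4])[0]
        info["orig_df"] = bool(inner[6] & 0x40)
        info["orig_src"] = ".".join(map(str, inner[12:16]))
        info["orig_dst"] = ".".join(map(str, inner[16:20]))
    return info

def sample_frag_needed():
    """Constructed sample: gateway tells a host its 1500-byte DF packet needs MTU 1300."""
    inner = ipv4_header("192.168.10.20", "192.168.20.30", 6, 1480) + bytes(8)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, 1300) + inner
    return ipv4_header("192.168.10.1", "192.168.10.20", 1, len(icmp), df=False) + icmp

if __name__ == "__main__":
    print(parse_frag_needed(sample_frag_needed()))
```

If such messages never reach the sending host while large DF-marked packets stall, the ICMP replies are probably being filtered somewhere on the path.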