I have a site-to-site VPN setup between Houston and Chicago. The connection from Houston is very slow. I have a T1 link (SAVVIS) to the internet, but I only get about 195kb/sec. I bypassed the PIX 506 and directly connected a PC to the Internet router (2651) and received excellent speeds (1.2 to 1.4MB) to the internet. When I connect the PC to a 3550 on the inside of the PIX my speeds drop significantly. Is there a setting in the PIX that could possibly be throttling the speed?
I have the data sheet for the 506E and as per the data sheet, a clear text throughput of 100 Mbps is supported. The throughput is pretty high even with encryption (56-bit DES IPsec VPN throughput: 20 Mbps, 168-bit 3DES IPsec VPN throughput: 17 Mbps, 128-bit AES IPsec VPN throughput: 30 Mbps). One possibility is a MTU issue on the PIX outside interface. Have you try reducing that? It just might work.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...