I set up a site to site vpn tunnel between a 2621x router and an ASA 5510 (T3 line for router and E1 for ASA). Speeds is expected to be slower than "internet" but what I am seeing is very very slow speeds. This happens with anything from downloading (large and small) files across the tunnel, citrix connections across the tunnel, remote desktop controlling a machine across the tunnel, etc. Pings across the tunnel result in these times:
bytes=32 time=206ms TTL=127
bytes=32 time=177ms TTL=127
bytes=32 time=202ms TTL=127
bytes=32 time=229ms TTL=127
Both endpoints are outside interfaces that all internet traffic also passes through from the respective sites. The MTU setting on the router is 4470 and the ASA is the default 1500. I'm not sure if that should have an effect on anything. I also disabled pre-fragmentation and no luck.
Anythign else I can look for and can do to get this to improve?
Some more notes:
Come to think of it, the way the tunnel is setup is that it has 2 peers (2 ISPs), both being NAT addresses of the outside interface of the ASA. I have it configured as such on my 2621x router:
What this should do, I think, is that it will only connect to one peer, and if that fails, should connect to the other. The dynamics behind I don't know like its whoever gets connected first will be the endpoint or there is some priority. In anycase, each time I will only see one endpoint being connected but is the traffic being "split" in half between the two? Is that why it would be slow?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :