I have just setup a site to site VPN and have concerns about the throughput.
It is a hub and spoke topoligy with a ASA 5510 at the hub with a speed of 8Mb each way. Out on the spoke ADSL 857 routers with a download of 10Mb and 1Mb up. But the download speed over the VPN is only about 1.5 - 2Mb.
I have tested with the dreded PPTP VPN and get 8Mb download from the hub.
Checking the CPU of the router it not getting much higher than 10%.
I have adjusted mss on the dialer interface of the 857 to try and limit fragmentation.
ip tcp adjust-mss 1380
I think the ASA has these settings as standard.
The VPN is using AES128 SHA DH5 with perfect forward secrecy.
From the specs that I have seen the 857 should be able to do at least 8Mb through put with AES.
See table 3 on page 9 of the attached doc.
I am I expecting too much from it, should I have gone with a 877? Is there something else I can do to trouble shoot or tweak?
The number you quote is probably for 1400 byte packets with no variation - encryption speed usually has to do with the amt of packets that need to be encrypted, and what needs to be done with them.
I would start with trying a VPN tunnel with less encryption (3des vs AES) and see if that gives you any improvement. I would also remove any features (QOS, etc) that the 857 may be doing to keep the packet processing path in the router as simple as possible.
You may also want to try sniffing/capturing on the ASA for the flow to see if you see TCP stream issues (lots of fragmentation, retransmits, etc) to narrow down where the issue lies.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...