.js slow loading in VPN connection

kostasthedelegate · ‎07-20-2021

Hello,

I have an HA of 2120 6.6.1 managed by FMC.

I have an issue with a web page

This page is for developers and when they are loading through VPN it takes much more time to load.

From network activity of chrome we saw that it is downloading very slow a .js file

What could I check on the FW to see why it is slow on the VPN?

Thanks and regards,

Konstantinos

Rob Ingram · ‎07-20-2021

@kostasthedelegate

Are you using IPSec or SSL VPN?

What version of AnyConnect are you using?

You get the best performance using AnyConnect 4.8 or newer and DTLS 1.2 or IPSec, if you are using just TLS that might explain the poor performance.

Run the command "show vpn-sessiondb detail anyconnect" to determine what protocol the user has connecting using. Provide the output if necessary.

kostasthedelegate · ‎07-20-2021

It is RA VPN

I will ask about the anyconnect version

We have DTLS enabled

Thank you for the immediate answer

I will look into and update you

kostasthedelegate · ‎07-20-2021

> show vpn-sessiondb detail anyconnect filter name Username

Session Type: AnyConnect Detailed

Username : Username Index : 1303

Assigned IP : ip Public IP : ip

Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel

License : AnyConnect Premium

Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES-GCM-256 DTLS-Tunnel: (1)AES-GCM-256

Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA384 DTLS-Tunnel: (1)SHA384

Bytes Tx : 218532081 Bytes Rx : 22080128

Pkts Tx : 362997 Pkts Rx : 332297

Pkts Tx Drop : 0 Pkts Rx Drop : 0

Group Policy : SSLVPNClient Tunnel Group : SSLVPNClient

Login Time : 05:59:27 UTC Tue Jul 20 2021

Duration : 6h:35m:45s

Inactivity : 0h:00m:00s

VLAN Mapping : N/A VLAN : none

Audt Sess ID : c21ef1690051700060f6663f

Security Grp : none Tunnel Zone : 0

AnyConnect-Parent Tunnels: 1

SSL-Tunnel Tunnels: 1

DTLS-Tunnel Tunnels: 1

AnyConnect-Parent:

Tunnel ID : 1303.1

Public IP : ip

Encryption : none Hashing : none

TCP Src Port : 1225 TCP Dst Port : 443

Auth Mode : userPassword

Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes

Client OS : win

Client OS Ver: 10.0.19042

Client Type : AnyConnect

Client Ver : Cisco AnyConnect VPN Agent for Windows 4.9.06037

Bytes Tx : 16499 Bytes Rx : 0

Pkts Tx : 12 Pkts Rx : 0

Pkts Tx Drop : 0 Pkts Rx Drop : 0

SSL-Tunnel:

Tunnel ID : 1303.2

Assigned IP : ip Public IP : ip

Encryption : AES-GCM-256 Hashing : SHA384

Ciphersuite : DHE-RSA-AES256-GCM-SHA384

Encapsulation: TLSv1.2 TCP Src Port : 1232

TCP Dst Port : 443 Auth Mode : userPassword

Idle Time Out: 30 Minutes Idle TO Left : 0 Minutes

Client OS : Windows

Client Type : SSL VPN Client

Client Ver : Cisco AnyConnect VPN Agent for Windows 4.9.06037

Bytes Tx : 16499 Bytes Rx : 312

Pkts Tx : 12 Pkts Rx : 3

Pkts Tx Drop : 0 Pkts Rx Drop : 0

Filter Name : access-list

DTLS-Tunnel:

Tunnel ID : 1303.3

Assigned IP : ip Public IP : ip

Encryption : AES-GCM-256 Hashing : SHA384

Ciphersuite : ECDHE-ECDSA-AES256-GCM-SHA384

Encapsulation: DTLSv1.2 UDP Src Port : 53568

UDP Dst Port : 443 Auth Mode : userPassword

Idle Time Out: 30 Minutes Idle TO Left : 30 Minutes

Client OS : Windows

Client Type : DTLS VPN Client

Client Ver : Cisco AnyConnect VPN Agent for Windows 4.9.06037

Bytes Tx : 218499083 Bytes Rx : 22079816

Pkts Tx : 362973 Pkts Rx : 332294

Pkts Tx Drop : 0 Pkts Rx Drop : 0

Filter Name : access-list