I have a customer with a VPN network of ASA5505s running 8.4.x. The Internet circuits are all 100Mb lines and the units have full licences with oodles of memory.
If you do a rsync file copy between two sites performance is about 4-8Mb/s over the VPN. But if you do the rsync from the same local server to the same remote server but over a port forwarded SSH connection (so it is outside of the VPN) then the throughput is 70-80Mb/s (the lines are very lightly loaded).
Same ASAs, same local machines. There is lots of CPU and memory spare in the ASAs when the tests are running. The only difference I can see is that the slow transfer occurs in the VPN tunnel.
There are no physical interface errors, no VPN crypto accelerator listed errors.
Even though I could ping without issue at 1380 bytes (and smaller) outside of the VPN tunnel to the remote ASA I still thought it might be an MTU issue across the VPN but altering 'sysopt tcpmss' makes no difference, nor does fiddling with 'crypto ipsec fragmentation'.
There is nothing listed as a relevant bug on the Cisco TAC website.
Have you tried to use an L3 device prior to the ASA5505 that would probably do the fragmentation? Or probably set the ip tcp adust-mss on the L3 device prior to the ASA? Accoring to the data sheet, it can do 100M 3DES but still depending on the VPN traffic pattern.
I just wonder, the ISP is 100M but the ASA is just 5505?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...