Cisco Support Community
Community Member

slow/lost packets over IPSEC VPN to ASA5505. Ideas?

I've read a few different posts about similar issues, but most of them do not really recommend any solutions.


- I have an ASA5505 setup at a data center in front of a few servers.

- I am succesfully making a VPN tunnel to the ASA from my remote location using with the Cisco VPN client

- I also tried the Shrew VPN client and it's working as well.

- I remotely work from a few different locations which use different ISPs (eg Rogers Cable, Bell DSL, Allstream, etc)

- I generally remote desktop from my windows 7 laptop into the windows 2008 servers at the data center and work on the servers.

- We have anywhere from 1 - 3 vpn tunnels going at a time from different people's laptops (1-3 different people are working).

The Problem:

-All laptops are having problems keeping the remote desktop (RDP) session up. RDP drops frequently, and at random times. Sometimes 2 minutes, sometimes 1 hour. etc. 

-I ran an extended Ping test from my laptop to the remote server and I am getting about 3-5% packet loss. Not consistent, but I can see every few minutes 5-10 packets are dropped.  I'm sure these dropped packets are causing RDP to drop.

- The VPN connection usually stays up (I don't have to login again), and sometimes the RDP session re-connects itself after a couple tries.

- I am also getting copy speeds of about 300-400 KB/s from my laptop to the server over the tunnel. Seems awfully slow for an ASA5505.

Any ideas on how I can trouble shoot this ?


- I tried reducing the MTU on the ASA device Outside interface (frmo 1500 to 1300) but it doesn't seem to have any effect.

- I am pretty sure the Cisco VPN client is using an MTU of 1300 because I used the Cisco SetMTU utility.


- I have the ASA interfaces set to auto/auto.

I generally use ASDM to administer the device, but I go into CLI when I have to. 

I've asked an experienced system administrator to help me out but he doesn't have any other ideas. I can engage him if there are some advanced settings I need to change.

Are there any other tests I can do to narrow down where the problem might be?

Is a packet trace with wireshark my only option at this point?

Do you have any thoughts on what specific settings I should be looking at?

Thanks for taking the time to read this and help.

CreatePlease to create content