Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Slow transfer speed over VPN connection


Recently I setup an SSL VPN to connect to my parent's home network.  I have some computers there, and want to try to transfer files between my computer and the one at my parent's.  Over the VPN connection, I only get 128kb/s.  On both ends, they are 15Mbps connections, and can support internal copies of 4 megs/s.  I feel like I should get a better speed than that.  I looked around, and people suggested changing the MTU.  I have changed the MTU around, and not noticed any increase in the network speed over the VPN.  Currently the MTU is at 1500.  Below is a copy of my running config.  Any thing I'm overlooking, or is this speed normal?  Sorry, still relatively new to the ASA 5505.

ASA Version 8.2(5)


hostname HardmanASA

enable password #####

passwd ###### encrypted



interface Ethernet0/0

switchport access vlan 20


interface Ethernet0/1

switchport access vlan 10


interface Ethernet0/2

switchport access vlan 10


interface Ethernet0/3



interface Ethernet0/4



interface Ethernet0/5



interface Ethernet0/6



interface Ethernet0/7

switchport access vlan 10


interface Vlan1

no nameif

no security-level

no ip address


interface Vlan10

nameif inside

security-level 100

ip address


interface Vlan20

nameif outside

security-level 0

ip address dhcp setroute


ftp mode passive

dns domain-lookup inside

dns domain-lookup outside

access-list nat_0 extended permit ip

access-list split_tunnel standard permit

pager lines 24

mtu inside 1500

mtu outside 1500

ip local pool VPN_Pool mask

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 10 interface

nat (inside) 0 access-list nat_0

nat (inside) 10

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http inside

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh inside

ssh inside

ssh timeout 5

ssh version 2

console timeout 0

management-access inside

dhcpd dns


dhcpd address inside

dhcpd enable inside


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept


enable outside

svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1

svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2

svc image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3

svc enable

tunnel-group-list enable

group-policy DfltGrpPolicy attributes

dns-server value

vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_tunnel

username ###### password ###### encrypted

tunnel-group AnyConnect type remote-access

tunnel-group AnyConnect general-attributes

address-pool VPN_Pool

tunnel-group AnyConnect webvpn-attributes

group-alias AnyConnect enable


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect ip-options

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny 

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

  inspect xdmcp


service-policy global_policy global

prompt hostname context

no call-home reporting anonymous


profile CiscoTAC-1

  no active

  destination address http

  destination address email

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily


: end

New Member

Re: Slow transfer speed over VPN connection


In this case should be necessary to enable Dtls, Dtls uses udp, avoids latency and increases bandwitdth. If Udp is blocked the Ssl connection will fallback to regular TLS. You can enable it in Asdm by ckecking it in the interface

Configuration/ remote access / network client access/ ssl connection profile


Sent from Cisco Technical Support iPhone App

New Member

Slow transfer speed over VPN connection

I just enabled DTLS on both the inside and outside interfaces with no noticeable changes in transfer speed.  Any other suggestions?

New Member

Re: Slow transfer speed over VPN connection


Another option is the use of the compression command, this is usually enabled by default but maybe you can enter it due to is not showed in the running config, the command is compression svc.

Note: The command helps when we have low bandwitdh connections, the command reduces the size if the packets, for broadband connections this can decrease regular performance


Sent from Cisco Technical Support iPhone App

New Member

Re: Slow transfer speed over VPN connection

Thanks for the suggestion.  After trying the "compression svc" command, I didn't notice any speed increase unfortunately.

New Member

Re: Slow transfer speed over VPN connection


This may be the most stupid question ever but have you verified the connection speeds from your parents network behind the ASA5505 to Internet? Also a more up-to-date version of ASA software wouldn't hurt either.

New Member

Re: Slow transfer speed over VPN connection

I have verified that each network has 15Mbps via  Don't you have to have a Cisco premium license to received upgrades?  I just bought this on Amazon, so if I can get free upgrades, I'll definitely go that route.

CreatePlease to create content