Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
0
Helpful
3
Replies

the WAN connection become too slow after configuring the VPN (Site-Site)

Go to solution
mahmoud.yasin
Level 1
Level 1

‎11-07-2010 12:35 AM

Hello

i have two branches connected over WAN connection (MPLS) using two 2921 routers.the connection is 2M.

i configured a VPN between these two sites, but after that the connection become very slow.

is there any thing i can do to accelerate the connection speed.

the VPN proposals are:

Phase 1 Proposals: 3DES, Preshared Key,

Phase 2 Proposals: esp-3des esp-sha-hmac

i dont think that lowering the Proposals security levels will add alot to the speed.....

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jitendriya Athavale
Cisco Employee
Cisco Employee

‎11-07-2010 01:21 AM

hi Mahmoud,

one thing that you should definetly do is go hardware encryption if you are not already doing tht, it also reduces load on your cpu

other things you could try is playing around with mtu, depending on your line mtu and what application are mainly used. try to set the mtu to atleast 60 odd bytes lower than the line mtu and also sometimes server have recommended mtu settings like many server have mtu requirement to be 1300 or 1400, if it not that much it might result in lot of re transmissions, you can also try crypto pre-fragmentation

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/vspa/configuration/guide/ivmvpnb.pdf

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jitendriya Athavale
Cisco Employee
Cisco Employee

‎11-07-2010 01:21 AM

hi Mahmoud,

one thing that you should definetly do is go hardware encryption if you are not already doing tht, it also reduces load on your cpu

other things you could try is playing around with mtu, depending on your line mtu and what application are mainly used. try to set the mtu to atleast 60 odd bytes lower than the line mtu and also sometimes server have recommended mtu settings like many server have mtu requirement to be 1300 or 1400, if it not that much it might result in lot of re transmissions, you can also try crypto pre-fragmentation

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/vspa/configuration/guide/ivmvpnb.pdf

0 Helpful

Go to solution
mahmoud.yasin
Level 1
Level 1
In response to Jitendriya Athavale

‎11-07-2010 06:53 AM

i adjusted the MTU to be lower than the WAN link and it works.

Thank you

0 Helpful

Go to solution
Jitendriya Athavale
Cisco Employee
Cisco Employee
In response to mahmoud.yasin

‎11-07-2010 05:02 PM

I am glad it helped

0 Helpful
Customers Also Viewed These Support Documents