Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

the WAN connection become too slow after configuring the VPN (Site-Site)

Hello

i have two branches connected over WAN connection (MPLS) using two 2921 routers.the connection is 2M.

i configured a VPN between these two sites, but after that the connection become very slow.

is there any thing i can do to accelerate the connection speed.

the VPN proposals are:

Phase 1 Proposals: 3DES, Preshared Key,

Phase 2 Proposals: esp-3des esp-sha-hmac

i dont think that lowering the Proposals security levels will add alot to the speed.....

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: the WAN connection become too slow after configuring the VPN

hi Mahmoud,

one thing that you should definetly do is go hardware encryption if you are not already doing tht, it also reduces load on your cpu

other things you could try is playing around with mtu, depending on your line mtu and what application are mainly used. try to set the mtu to atleast 60 odd bytes lower than the line mtu and also sometimes server have recommended mtu settings like many server have mtu requirement to be 1300 or 1400, if it not that much it might result in lot of re transmissions, you can also try crypto pre-fragmentation

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/vspa/configuration/guide/ivmvpnb.pdf

3 REPLIES
Cisco Employee

Re: the WAN connection become too slow after configuring the VPN

hi Mahmoud,

one thing that you should definetly do is go hardware encryption if you are not already doing tht, it also reduces load on your cpu

other things you could try is playing around with mtu, depending on your line mtu and what application are mainly used. try to set the mtu to atleast 60 odd bytes lower than the line mtu and also sometimes server have recommended mtu settings like many server have mtu requirement to be 1300 or 1400, if it not that much it might result in lot of re transmissions, you can also try crypto pre-fragmentation

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/vspa/configuration/guide/ivmvpnb.pdf

New Member

Re: the WAN connection become too slow after configuring the VPN

i adjusted the MTU to be lower than the WAN link and it works.

Thank you

Cisco Employee

Re: the WAN connection become too slow after configuring the VPN

I am glad it helped

276
Views
0
Helpful
3
Replies
CreatePlease to create content