Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Citrix over GRE VPN


I need some guidelines on how I can improve performance for our XenDesktop users in Singapore complaining about slowness with email and worksite document management system now centralised in London.

Currently we have Implemented Cisco 3925 routers with GRE VPN over IPSEC using EIGRP protocol between remote office and London. Also running latest riverbed a which provided citrix ica optimisation. Singapore have a local 10mb internet connection and London 80mb.

I understand that the encryption and decryption of packets adds additional latency as opposed to using Citrix over normal Internet connection.

Is there anything I need to do on the Cisco 3925 that will help increase performance ?

Any advice and guidelines would be welcome.

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Gold

Citrix over GRE VPN

You can do GRE without encryption. That will decrease latency, increase MTU, and be beneficial.

Super Bronze

Re: Citrix over GRE VPN


The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.


Some things to insure, if you're not doing already.

Insure your VPN routers have very little need to fragment packets.

Don't share your Internet VPN links with non-VPN traffic.

Use shapers to insure any congestion can be managed by you.

Prioritize Citrix traffic over other traffic, except perhaps for real-time traffic (e.g. VoIP).

Insure your average Citrix doesn't exceed 50% of bandwidth, better would be not to exceed 1/3.

If your Citrix allows for disk-to-disk and/or printing, use NBAR to prioritize that traffic lower than Citrix screen scraping traffic.


If your applications have moved from LAN to WAN, especially on the other side of the world, realize even at very best, no WAN can perform as well as the LAN due to distance based latency.

New Member

Re: Citrix over GRE VPN

GRE without encryption , can this be removed between specific sites or does this have to be done for all sites ? If how do I configure ?

MTU between tunnels is set to 1400 due to GRE packet header overhead.

Is there any configuration examples for prioritising Citrix traffic on Cisco 3925 ?
I guess it would make sense since we share VPN traffic with Internet wireless traffic.

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Gold

Re: Citrix over GRE VPN

Just configure gre/multipoint DMVPN.

New Member

Re: Citrix over GRE VPN

No sorry that is alot of disruption and down time.

Sent from Cisco Technical Support iPhone App

CreatePlease to create content