Latency: VPN Client vs Site to Site VPN

raycourtney · ‎03-16-2009

Is there a general feeling about the relative latencies and performance between site to site connectivity using a site to site VPN or using a Cisco VPN Client and a 3005 concentrator.

Would the Client method be an accurate way to simulate the latency that we would expect to see if we configured a site to site VPN?

John Blakley · ‎03-16-2009

A client method would be okay, but it generally has more to do with the type of encryption you're using, type of tunnel that you're creating (standard ipsec or GRE), and the type of applications that are going across the tunnel.

If you have client software, the latency "could" be higher if taking into account the overhead of the operating system that it's on, free memory, other applications running, etc. On the other hand, you only have one system using the tunnel.

For site-to-site, you'll have to contend with how many other people are using applications across the tunnel, what the encryption method is, the type of tunnel you've created, if you're using split-tunneling, etc.

If you don't use split-tunneling, then all of your applications will go through the tunnel including web browsing. It's recommended for security purposes to disable split-tunneling because you have more control over what comes through your edge presence as opposed to having every client with their own edge presence.

HTH,

John

HTH, John *** Please rate all useful posts ***