Thread Info
  • State Suggested Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 36 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 181419 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-Site IPSEC Extremely Slow

ChrisWestmacott

I have an IPSEC tunnel established between two sites that are within 30ft of each other (the buildings are next door).  Both sites get 100Mbps down / 10 Mbps up.  I setup an IPSEC tunnel between both sites using the default configuration of DefaultHeadOffice and DefaultBranchOffice in the IPSEC settings.  I have policies allowing LAN to VPN and VPN to LAN.  Everything is all pretty basic.

Once I setup the tunnel, I tried to do a simple file transfer of one 20MB file between a branch workstation and a server at Head Office.  It transferred the file at a speed of 0.7Mbps.  Considering both sites get 10Mbps upload, and given some overhead for the VPN tunnel, I would expect the speeds to be at least 7 or 8 Mbps, not 0.7....  Does anyone else have any experiences of insanely slow site-to-site IPSEC tunnels or have any recommendations?

The Head Office has an XG125 and remote office has an XG105 running MR2.  Both are at 50% memory usage and between 0-10% CPU usage.



This thread was automatically locked due to age.
Parents
  • 0

    I am having the same issue.  the only wrinkle: one end of the tunnel is running a SonicWALL TZ 400 which means I can't switch to an SSL VPN tunnel.  Sophos is an XG210

    I tried disabling PFS and saw no differences.

     

    the slower of my two internet links is 100MBps down and 20MBps up.  running some iperf tests between two hosts on either end, I am averaging less than 1MBps, usually around .5MBps

     

    any help or updates would be appreciated.

  • 0 in reply to ZaneDonaldson

    We have Riverbed WAN optimizers at each location.  After restarting the service on our central hub site Riverbed, we started seeing the proper optimization happen and the speeds looked much better.  I think we still might have some throughput issues with some locations since the Riverbeds make the circuit "feel" faster.  I still have on my to do list to turn off wan op at each site and test raw speeds.

Reply
  • 0 in reply to ZaneDonaldson

    We have Riverbed WAN optimizers at each location.  After restarting the service on our central hub site Riverbed, we started seeing the proper optimization happen and the speeds looked much better.  I think we still might have some throughput issues with some locations since the Riverbeds make the circuit "feel" faster.  I still have on my to do list to turn off wan op at each site and test raw speeds.

Children
No Data