
VPN latency for international users

Greetings,
We're using the SSL VPN for our users to make secure RDP sessions to our office.  This is working fine for our 'local' users in the US, however we have a handful of staff in Israel who report that SSL is too slow to be usable.  Currently the fallback has been for them to use PPTP which works sufficiently.

I'm seeking advice on how to troubleshoot these international users to see what can be done to improve their performance.  Obviously the stronger encryption is increasing the overhead for them, but PPTP is showing its age.  I'm running an ASG220 on 8.103, SSL VPN is using a 2048 key size.  If a smaller key is the solution, is there a way to implement that without requiring all my US users to download new keys?

Any suggestions are appreciated.


  • For better performance, use the IPSEC VPN.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Bruce, I thought you were the one that taught me the trick of speeding up the SSL VPN by using UDP instead of TCP.

    If you change to 1024 and/or UDP, the users will need the new key and config files.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • IPSEC is still the fastest...

    CTO, Convergent Information Security Solutions, LLC


  • Agreed, especially since it's limited to a group in Israel and he could configure L2TP for them.

    I had just assumed that there was a reason to not use IPsec as someone said here once that it's blocked in some places in Europe.  L2TP over IPsec is always my first choice since it works well with Windows and iPhone.

    Cheers - Bob
     
  • The original goal was to get everyone onto one VPN platform, and since SSL was firewall friendly + offered direct AD auth without needing RADIUS, that was the choice.
    I will first test the UDP and smaller key options on a spare ASG and see how that performs.  I too had read that IPsec was blocked in some places in the world, but it's a solid option.

    Thanks for the guidance, guys, I do appreciate it.