Slow VPN Connection

Similar Messages

• Slow transfer speed over VPN connection

  Hello,
  Recently I setup an SSL VPN to connect to my parent's home network.  I have some computers there, and want to try to transfer files between my computer and the one at my parent's.  Over the VPN connection, I only get 128kb/s.  On both ends, they are 15Mbps connections, and can support internal copies of 4 megs/s.  I feel like I should get a better speed than that.  I looked around, and people suggested changing the MTU.  I have changed the MTU around, and not noticed any increase in the network speed over the VPN.  Currently the MTU is at 1500.  Below is a copy of my running config.  Any thing I'm overlooking, or is this speed normal?  Sorry, still relatively new to the ASA 5505.
  ASA Version 8.2(5)
  hostname HardmanASA
  enable password #####
  passwd ###### encrypted
  names
  interface Ethernet0/0
  switchport access vlan 20
  interface Ethernet0/1
  switchport access vlan 10
  interface Ethernet0/2
  switchport access vlan 10
  interface Ethernet0/3
  shutdown
  interface Ethernet0/4
  shutdown
  interface Ethernet0/5
  shutdown    
  interface Ethernet0/6
  shutdown
  interface Ethernet0/7
  switchport access vlan 10
  interface Vlan1
  no nameif
  no security-level
  no ip address
  interface Vlan10
  nameif inside
  security-level 100
  ip address 192.168.250.1 255.255.255.0
  interface Vlan20
  nameif outside
  security-level 0
  ip address dhcp setroute
  ftp mode passive
  dns domain-lookup inside
  dns domain-lookup outside
  access-list nat_0 extended permit ip 192.168.250.0 255.255.255.0 192.168.251.0 255.255.255.0
  access-list split_tunnel standard permit 192.168.250.0 255.255.255.0
  pager lines 24
  mtu inside 1500
  mtu outside 1500
  ip local pool VPN_Pool 192.168.251.100-192.168.251.101 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 10 interface
  nat (inside) 0 access-list nat_0
  nat (inside) 10 192.168.250.0 255.255.255.0
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.250.0 255.255.255.0 inside
  http 192.168.251.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet timeout 5
  ssh 192.168.250.0 255.255.255.0 inside
  ssh 192.168.251.0 255.255.255.0 inside
  ssh timeout 5
  ssh version 2
  console timeout 0
  management-access inside
  dhcpd dns 8.8.8.8
  dhcpd address 192.168.250.20-192.168.250.50 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  enable outside
  svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
  svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
  svc image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3
  svc enable
  tunnel-group-list enable
  group-policy DfltGrpPolicy attributes
  dns-server value 8.8.8.8
  vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value split_tunnel
  username ###### password ###### encrypted
  tunnel-group AnyConnect type remote-access
  tunnel-group AnyConnect general-attributes
  address-pool VPN_Pool
  tunnel-group AnyConnect webvpn-attributes
  group-alias AnyConnect enable
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:74fc2287573841a837e97887840a2d91
  : end

  Hi,
  Another option is the use of the compression command, this is usually enabled by default but maybe you can enter it due to is not showed in the running config, the command is compression svc.
  Note: The command helps when we have low bandwitdh connections, the command reduces the size if the packets, for broadband connections this can decrease regular performance
  Regards,
  Sent from Cisco Technical Support iPhone App

• Very Slow VPN

  I have a pretty basic server setup. The same setup I've done many times before (although all the others have been on 10.5). Basically the server is also the router. VPN uses the high end of the IP range, DHCP uses the middle. The firewall is set up to give full access to the LAN including VPN connection. And public access is limited. I did map all the important ports, 1701, 4500, 500, GRE... (i forget the full list for L2TP but they're all checked). Oh yeah, I'm talking about L2TP. So I can connect to my VPN fine, but the speed is horribly slow. The most dramatic way to illustrate this is connecting to my server's external IP (i'm in another town currently) in Safari to load the default OS X page. It loads basically instantly. Then load the same page using my server's internal IP address, while connected to the VPN. It loads, but it takes about a full minute to full load. This is kind of an issue because I was planning on running the iCal servers over the VPN from user's iPhones and iPads. I can't think of anything else that could possibly be slowing this down. It's like my VPN pipe has been top-killed. Yippee for topical humor. Any suggestions?

  Hello Shawn
  I have joined the screenshots  .Thank you !
  Site1:
  Site2:

• Slow VPN throughput speeds using WRT54GX4

  I have a WRT54GX4 and am experiencing slow VPN throughput.
  When I connect from my home network to my work network via my companies VPN client I've noticed that the throughput drops significantly.  Speed tests to DSL Reports are ~10500 kbit/s download and 950 kbit/s upload when going through the WRT54GX4 not using VPN, but only 250 kbit/s download and 95 kbit/s upload when I connect using my VPN client.
  I have used the same laptop computer at various locations away from home and tested through my work VPN connection to DSL Reports and noted that the speeds don't change too much when I switch between direct and VPN.
  Next I bypassed the WRT54GX4 router all together and connected directly to my cable modem at home and repeated the test.  This time the speed test using my VPN client was ~9950 kbit/s download and 850 kbit/s upload.
  My company has several DS-3 connections that are load sharing and as mentioned above testing from other locations has shown that my office isn't the bottleneck.
  Everything points to the WRT54GX4.
  Also, my previous router was an early Wireless-G Linksys router - forgot the model - and it did not slow down my VPN like this new one does.
  The problem exists in either wired or wireless connection mode.
  I recently upgraded with the latest firmware V 1.00.20 but that didn't help.
  I have also tried various MTU sizes and auto but nope, no joy there.
  By the way, we have both Cisco and Nortel VPN servers at work and I've tried each client on two separate host machines at home and both exhibit the same slow connection.
  When I turn off the VPN client everything is great and my speeds are super.
  Any ideas?

  This may help significantly.
  I have DSL, speed is 3 mb. I have a WRT54GS router. When I hardwired the connection from modem to laptop, speed was 3mb - ISP was doing it's job. Via wireless connection, speed dropped to 1 mb.
  I spoke with Linksys and after some tweaks (upgrading Firmware etc ...) - they said that the drop was not unexpected and this is what I had to accept.
  I spoke with my network specialist at work (I am in I.T. myself) and he thought that the router should not eat 2/3 of the speed. This was confirmed by the Geek Squad as well.
  Combing through this forum, I came across an interesting article about some tweaks you can do with www.speedguide.net - they have an optimzing tool that has yielded the solution.
  Try this ...
  http://www.speedguide.net/files/TCPOptimizer.exe
  This will download the tool. When you open this up you will see a number of tabs - the general tab yielded the most for me. You will see some radio buttons for current state and proposed state. When you choose apply you will see the registry settings that will be affected - a re-boot is necessary.
  So after I did this, I noticed that my wireless speed was up to 2 mb - better but still only 2/3 of what I expected.
  About an hour later I went to the basement, did a speedcheck ( www.speedtest.net ) - and I was getting 3 mb!! I went up to the kitchen and ... 3mb. I went to the access point and ... 3mb.
  Bottom line: Re-boot helps - but it seems that there is some cycling involved ... so try a little later.
  Message Edited by Shamrockoz on 11-09-2007 01:44 PM

• Slow vpn

  Hello All!
  I'm wondering about my VPN.
  Firstly, my modem stats are:
  up/down
  SNR (0.1dB): 69/93
  Attenuation (0.1dB): 360/182
  Output power: 0/128
  Attainable Rate: 14084/1124
  It seems to connect (speedtest) at 8Mbps on a good day. Sometimes more like 6. My modem is a TP-Link 8960N and I'm in Sydney.
  What I have also found is that using a VPN to the UK (for work) I get down speeds of .8 Mbps only on a good run, and that is very very variable. I've tried three different VPN providers (at various price-points, including Vyprvpn), and they make no appreciable difference. I'd really like a more stable and faster VPN connection to the UK.
  This is all on an ipad, since I don't have a desktop for a bit. I did try my ipad (not the VPN) on a friend's cable connection and it was faster, so I don't think it's the ipad... Or??? I'm wondering what I can do about getting the VPN to work better?
  Any advice?? Do I need perhaps to open any ports or something?
  Thanks!

  If you're doing remote file access across a WAN, it's often noticeable slower than local LAN access due not only to usually much lower bandwidth but additional latency.
  That noted, one issue that often impacts performance is fragmentation of packets. Ideally, hosts will detect the fragmentation and reduce their packet sizes, but it's better if it doesn't occur to begin with.
  This Cisco White Paper will discuss the issue at length: http://www.cisco.com/warp/public/105/pmtud_ipfrag.html

• Slow VPN on RV042

  We have PPTP configured on our Cisco RV042 VPN router. About once a day we have a severe slow down with the VPN connection. I did a tracert from home and found this on the last hop:
  13   900ms  1104ms  999ms  wsip-[our ip address].dc.dc.cox.net
   All hops leading to this are fine. Just the last hop to our ip address. Would this be a problem with our RV042 or with the Cox Cable Modem?

  Hello mwsmith23,
  I would check your Bandwidth settings first to make sure they are at least set to 10MB over your bandwidth provide by your ISP.  So if you get 30 down and 10 up I would set the bandwidth for 40 down and 40 up to eliminate the RV042 throttling your traffic.  As the RV042 bandwidth is set in Kbps just take your bandwidth and multiply it by 1024.
  After that try the following:
  To isolate where the latency is at I would do some pings from the local LAN of the RV042.  
  Each ping would be:
  ping "LAN of RV042" -t -l 1500
  ping "DG of the RV042's WAN IP addr" -t -l 1500
  ping 8.8.8.8 -t -l 1500
  Adjust the 1500 to 1472 or adjust by -10 until a ping goes out successfully.  So if 1472 fails attempt with 1462 and so forth.  
  With this test you can see how the internal LAN is processing the traffic to the LAN of the Modem and then to the cloud.  If you are seeing excessive traffic to the Modem and to the cloud then it probably is your modem and you should consult your ISP.
  Hope this helps,
  Michael D.

• How to reduce the IPSec VPN connection establishment time

  Hi,
  I set up an IPSec VPN with NAT-T between two cisco router 871. In particular one router acts as a SERVER and the other one as  a CLIENT. All the traffic coming from the hosts connected to the CLIENT-router is sent over the VPN (no split tunnel). Everything works perfectly.
  The only problem is the amount of time the VPN takes to establish the first connection between the two routers. In particular it takes about two minutes.
  Could anybody tell me if this amount of time can be reduced (with a partcular configuration instruction)?
  Or this is the minimum amount of time required for the first connection establishment?
  Thank you for your help.

  Sara,
  Two minutes sound like a lot of time even with a super slow Internet connection. Could you share your configs to see if there is anything on the VPN config that is adding such a huge delay? The connection stablishment shouldnt take more than a few seconds.
  Thanks,
  Raga

• Cannot sustain VPN connection

  I need to work from home 2-3 days a week and moved to Infinity just before Xmas - now I can't sustain a VPN connection, over either wireless or wired ethernet connection.
  The connection is made fine, first time, but drops after usually a minute or 2, and after that will not reconnect without a PC reboot (and sometimes not even then.)  From the VPN client (Cisco) error messages the client is unable to resolve any of the four VPN gateways that are available.
  If I use a mobile dongle to connect the PC to the internet, the VPN stays up - but is too slow to be workable (and expensive) -  but that to me rules out any client/PC issues.
  I've been through this forum quite extensively and this looks like the problem with "BT Web Address Help" that many others have had - but I can confirm that I have opted-out of this service at least a week ago now, and there's no change in the way VPN behaves.
  Please can someone assist on this as I'm unable to do my job without home VPN access - this is making me do an extra two 80 mile round trips each week to connect to the corporate network.

  Changing the PC's MTU value might help, or even changing your DSL Router?
  http://community.bt.com/t5/BB-in-Home/BT-Home-Hub-2-0-crashes-using-Ethernet/m-p/10660#M6062
  http://community.bt.com/t5/BB-in-Home/BT-Broadband-and-MTU/m-p/12660
  The Homehub2 often doesn't like transferring large files especially if fragmented, which is more likely when using VPN.
  "I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android)

• Slow Server Connections

  I have been having difficulty with connecting to servers using VPN. found a few things:
  - VPN connections is fine, I can browse web servers.
  - I can connect to other linux-based computers.
  - when I connect to a windows based computer, it takes roughly 3:30s to connect.
  I created a new account on my mac...connected to VPN, everything works fine.
  - this tells me that it is something with my user I am currently using.
  Any tips on how to fix this?

  I'm pretty sure the problem here is somehow related to my other post, but for shites and grins I would still like to know how I can receive a Slow Server alert when no actual page requests are running and it says there are 0 open connections to any of the datasources.

• Can anyone suggest a free fast VPN connection

  Can anyone suggest a free fast VPN connection.
  i want to access streaming video (ie hulu.com)that is blocked in canada. Hotspot Shield works but is way too slow and I get stuttering and frozen video.
  Any suggestions would be appreciated
  Thanks in advance
  Dave

  Fast and free? I'm surprised you can even find slow and free. I use StrongVPN. It is fast, but it isn't free at $15/month.

• Hi there, I am trying to connect to my server at work from home using a vpn connection. It connects fine and the time ticks along, but when i click go - connect to server, it comes up with connection failed. Please help!

  Hi there, I am trying to connect to my server at work from home using a vpn connection. It connects fine and the time ticks along, but when i click go - connect to server, it comes up with connection failed. Please help!

  ... when i click go - connect to server, it comes up with connection failed.
  If you're trying to connect to a Bonjour server on the remote network, that won't work over a layer 3 VPN. Use something like Hamachi or one of the SSH-tunnelling Bonjour proxy apps for that.

• Window 8.1 system unable to access network shares via VPN connection

  Is there something inherent to Windows 8.1 that prevents it from accessing shares on a domain?
  I know that it cannot join a domain, but does that also mean that it cannot access shares which are on a domain?
  My problem is that I have several user that are running windows 8.1 that are connecting to our network via a VPN.
  The users have domain accounts but their computers as windows 8.1 cannot joined to the domain.
  So to access network shares they have to use their domain credentials to create a VPN connection.
  Once connected the user can RDP to systems on the domain using their domain accounts, so I know that their user names/passwords and permissions are correct. They can access these systems using the computer name, so I don't feel that I have a DNS issue.
  They can see the shares on our file server, but when they try to access their departments shared file, they receive an access denied message. There are a few shares that are completely wide open, shared to all users and all departments but they cannot access
  those shares either.
  You can ping the file server, from the the client when they are connected to the VPN but you just cannot access any of the shares.
  So...
  I am thinking that it has something to do with windows 8.1 and not being able to join a domain, but I cannot find anything to explicitly support this thought.
  Other users running a variety different OS (windows 7, OSX, Linux) can all access the shares without any problems via the VPN, so I am a little stumped.

  I have done some more testing and oddly enough I can map a drive if I use the IPaddress, but not the computer name, when checking the check box "connect using different credentials"and providing they users domain credentials.
  This seems to point to a DNS issue, one would think, but I can hit the file share server by name \\fileserver.dev.lan
  I can see all the shares, so dns seems to be fine right?
  So I don't understand why I can map a drive using do the IPaddress and not the machine name, but yet I can see and ping the server by name?
  When I try to create a mapped drive by machine name I receive the following message:
  Windows cannot access \\fileserver.dev.lan\all
  You do not have permissions to access \\fileserver.dev.lan. contact your network administrator  to request access.
  But if I use the \\x.x.x.x\all using the very same user and password I get connected with no problem.
  This only seems to happen on windows 8.1, which leads me to think that has something to do with OS. 
  I am thinking about upgrading to windows 8.1 pro, but I don't want to go though the hassle and expanse is the OS is not the problem.

• How can i use an existing vpn connection without using the option "Send all traffic over vpn connection"?

  I have been trying to get my computer (os x.7) to astablish a remote desktop connection to my work computer via a vpn tunnel. In fact I have just discovered that it works fine if i select to "send all traffic over vpn connection" from the options in the advanced setup of the vpn.
  If the option is selected microsofts "Remote desktop connection for mac" works just fine. However without selecting the option it is not taking advantage of the tunnel but tries to connect as if the tunnel would not exist.
  Now the question is how do I get program to use the vpn tunnel without checking the above option?
  Thanks for any hints and pointers.

  Then can her computer be authorized to both accounts?
  Absolutely. You can authorize any given computer to up to five iTunes Store accounts.
  If purchases are made on her account, to a computer authorized to my account, can I put those songs on my iPod?
  If you connect your iPod to her computer, yes. Tracks download only to the computer from which they're purchased, regardless of which iTunes Store account is used for the purchase. Or you could copy the tracks from her computer to yours and then authorize your computer to her iTunes Store account. But that's sort of defeating the original purpose, it would seem to me.
  is it better to buy music through Amazon downloads and/or actually purchasing CDs to avoid the security features iTunes puts on its music?
  That's certainly an option. If it's an entire album I want, I buy CDs. That way I can import them at the quality I want and to whichever of my systems I want. Amazon or one of the other download stores that offer tracks as MP3 are also an option, though for me download stores are best when you just want a couple of tracks off a given CD.

• Warning: Lenovo system update 5.1 corrupts VPN connection

  In MS Windows 8 networking forum are discussed many VPNs problems, when installing 3rd party software.
  http://social.technet.microsoft.com/Forums/en-US/w8itpronetworking/threads
  After installing Lenovo system update 5.01 my VPN connection stopped working. Returning to restore point helped not.
  Jiří Cvrk
  TP YOGA S1 .. X220, X61, T22, ms w8nd8ws

  It was quite simple.
  I was connected to VPN.
  I upgraded Lenovo system update in two steps.
  I can´t connect to VPN anymore.
  Jiří Cvrk
  TP YOGA S1 .. X220, X61, T22, ms w8nd8ws

• Copy from AFP share to AFP share (via VPN-Connection) - stupid?

  Hi there
  We set up an OS X server in a remote facility and are connecting to it over a VPN connection (Netgear Firewall).
  Everything works fine, there's only one annoying issue: if I want to copy a file from a mounted AFP share (share1) to another mounted AFP share (share2) - both of them residing on the same server - it seems to me that the files are being copied first to my local client and then back to the server again - instead of being copied directly from and to the server...
  Is there anything I can do about this issue or am I wrong? Is this a so called "feature" of the Finder itself?
  Thanks for any suggestions and regards
  Roman

  Thanks for your thoughts about higher vs. lower latency networking - I totally agree. It might be a quite uncommon setup; as the server is being "housed" in a datacenter with quite tough restrictions: not only do they charge us for the power consumption, but also for the traffic being generated - which is 250 GB a month. They're providing an uplink with 10mbps (guaranteed), burstable to 100mbits.
  Anyway, we're interested in keeping traffic low - hard to do if we cannot let end users do "common" tasks like moving files from one folder to another (of course, its a sharepoint - but they don't care).
  What I'm looking for? Well, I think it will take hours to find out which part of the setup (AFP implementation of the server, AFP on the local machines, either of them on a particular version, the Finder in general...) actually might be responsible for this behavior. And maybe there's a "solution" (if you agree that this is actually a problem" buried somewhere
  Regards
  Roman