VPN Bandwidth
Our Office curently has 3MB down & 384k up over a cable modem. I have 10 or so guys connecting into the office using site to site VPN back into the PIX 506e. They use Outlook exclusively. My Question is, if I increase the upload to 1Mb, will that be sufficient to allow for file sharing (word, excel, digital pics, etc) with acceptable performance?
hello. i have a simular issue. here is my findings. we have a partal t1 (384k up and down) we currently run a asa5505 to 2801router. we have at a range of 1 to 10 users connecting using outlook and light filesharing. we have had no issues at all. i have even ran two or three remote desktop connections over the vpn with no noticable issues.
hope that helps
Similar Messages
-
Monitoring Remote SITE TO SITE vpn (Bandwidth - utilized)
Can somebody say how to know the bandwidth utilized
by the site to site vpn please
Tks
THomasHi Thomas,
You can use "Interface Graphs" in Pix Device Manager. This is a monitoring tool that will serve the purpose that you mentioned.
You can get more info at :
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pixdm_ds.htm -
ASA5510 VPN Bandwidth Calculations
Were running an ASA5510 with multiple IPSEC VPN clients over a 100Mb leased line. At the moment we have about 10 active clients however we are looking at gearing up to about 100 clients.
Question is, is there a known method for calculating the required bandwidth for this number of clients or indeed obtaining metrics from already connected clients to help with this calculation.
We have tried a few monitoring products, most notably Solarwinds, however none of the products we have tried seems to be able to give us the throughput of the individual VPN connections to assist with our calcs....Hi Rob,
Check out VPNTTG (VPN Tunnel Traffic Grapher) is a software for SNMP monitoring and measuring the traffic load for IPsec (Site-to-Site, Remote Access) and SSL (With Client, Clientless) VPN tunnels on a Cisco ASA. It allows the user to see traffic load on a VPN tunnel over time in graphical form.
Advantage of VPNTTG over other SNMP based monitoring software's is following: Other (commonly used) software's are working with static OID numbers, i.e. whenever tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data, gathered on the connection, is lost each time. However, VPNTTG works with VPN peer's IP address and it stores for each VPN tunnel historical monitoring data into the Database.
For more information about VPNTTG please visit www.vpnttg.com -
I have site to site Configuration of VPN 3030 Concentrator ( one At HQ) and VPN 3005 Concentrator ( 14 At Branch Office). I want to measure the Bandwidth Utilization of VPN 3030 Concentrator at HQ.
Is there any command,network management software tool or utility available so I can measure the Bandwidth ?
DineshHi!
Opensystems Private I syslog software collects, alerts, reports, and archives VPN (and other syslog) log data.
Private I can detail the activity going through your VPNs, as well as tell you how much of the network users are using.
-Collects thousands of messages per second from a variety of network devices
-Real time alert notification via audio, visual, email, SNMP, or pager
-Powerful ad-hoc query capability
-Over 100 canned reports and graphs
-Easy customization and creation of new reports
-Scheduled report engine for timely output
-Offloading aged data for easy access
Check http://www.opensystems.com
Br Juha -
Boot camp with Cisco VPN client and smart card
Looking at a Macbook or Macbook Air and the only reason I need to run windows is to be able to access my work network through the Cisco VPN client and my Smartcard then use remote desktop. From my understanding if I run Bootcamp it should work am I correct? Im going to an Apple store tomorrow hopefully they can help too.
Thanksmrbacklash wrote:
Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
Message was edited by: BobTheFisherman -
User from certificate with Cisco VPN client and ASA (and radius)
Hello,
we are trying to migrate a vpn client connection from GROUP to certificate. We want that client uses the user from the certificate and doesn't ask user, only password. Is it possible? Now, with user certificate, you can connect as another user if you know the user and the password of the other user with your own certifcate.
Thanks!
Santiago.mrbacklash wrote:
Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
Message was edited by: BobTheFisherman -
Security Report VPN Graph is Blank
VPN Bandwidth
- Even though the VPN Bandwidth Bytes by Day contains data, the graphs are blank.
- SSL VPN graph is working fine.We found the root cause it was because table "task" does not have records in APPSERVER Database.
Once we updated task table. Security report SEC_LIST_MBR is displaying results correctly.
Regards,
Rajesh -
Using OS X Server VPN to Access NAS Drive?
Hi everyone!
I have been looking into getting an NAS drive for cloud backups and storage, and I was wondering if I bought an NAS drive like the Synology Diskstation, would I theoretically be able to use Mac OS X's VPN function to share the NAS drive to, say, my MacBook when I was not at home? Would that be possible, being able to access the files on the NAS drive whenever I have a Wi-Fi connection regardless of where I am?
Thanks much!In addition to what Linc Davis wrote...
The performance of your VPN-based share will be the lesser of the VPN bandwidth, of the NAS bandwidth, of the overhead of whatever file storage protocol you're using to access the storage, of your own local network uplink, of the coffee shop network, or whatever happens to be the slowest link within this connection.
Certainly prototype this configuration and find out what you can get for performance, but you might not find that the results meet your expectations. Particularly if you're thinking that you'll get NAS share-like access akin to what you get when directly connected to your local network. You won't get anything near that, unless you're connected on some big (and expensive) network links.
While many folks do have remote access into various remote networks via VPN and can access and transfer files via those VPNs, a common alternative used by many folks involves pushing the core shared files up to a cloud-hosting provider, and accessing the individual files from there. This approach gets several parts of the connection out of the path, and moves your core shared files "closer" to you in the network; out onto hosting servers (usually) with much lower network latencies and with far larger network bandwidth. Dropbox and SpiderOak are in this market, and there are others.
If you do head further along the self-hosting path that you're currently on (and if you do have the network bandwidth to support this), then something like OwnCloud might be interesting to you, too. Here's a write-up on OwnCloud. There are other private-cloud packages around, as well. -
We have a site to site tunnel setup recently, to use the internet link for tunnel purpose we have upgraded the bandwidth to 10 mbps. Since the bandwidth usage is not crossing 2 mbps during peak hours itself we have not implemented any kind of Qos in the firewall. Also my understanding is that the VPN bandwidth will be exactly the bandwidth that is available in the internet link therefore in my case i should get 8 mbps speed for my VPN.
The FTP download speed over the VPN is not crossing 20 kbps same time i am able to get a speed of around 170 kbps over internet to the same remote FTP server.
I am doubting that the internet link provided is not a 1:1 corporate internet connectiviy and for the VPN to perform to the optimum bandwidth the link should be 1:1.
Please help.Using what protocol? What kind of a connection?
I did some testing today and I got about 420KB/s download speed from the expected 4Mbit G-SHDSL we also have. Upload speed (to server) was 245 KB/s.
So no real loss because of the VPN. Pretty much used all the available bandwidth from the server.
To the server is retstricted because I'm at home using an ADSL connection about 2.5Mbit (AnnexM) to Internet (and 17.5Mbit from). I'm behind a D-Link G604T modem/router
This was using FTP and through a gigabit interface firewall to our DMZ and a G4 dual 1GHz 10.4.11 MirrorDoor running PureFTP.
The VPN server is a MacPro 4 core 2GHz running 10.5.3 (not doing very much else at the moment) and the client a 2,4 GHz MacBook pro also on 10.5.3.
Looks like AFP did about the same. No special tuning involved. -
Service Policy won't attach to interface - NO error
Hi,
Am doing some simple CE VoIP QoS for a IPSEC/GRE Customer. I try to ATTACH the policy to the tunnel outbound and the command is accepted without any error but nothing appears in the config.
Here's the base config:
class-map match-all IPSEC-VPN
match access-group name IKE_ACL
class-map match-all ROUTING
match ip dscp cs6
class-map match-all NETWORK-MANAGEMENT
match ip dscp cs2
class-map match-any VOICE-SIGNAL
match protocol rtp
match ip precedence 3
match ip dscp cs3
match ip dscp af31
match ip dscp af32
class-map match-any VOICE-BEARER
match ip precedence 5
match ip dscp ef
match ip dscp cs5
policy-map SHAPE-ADSL-UPLINK
class class-default
bandwidth remaining percent 50
random-detect
random-detect ecn
policy-map VoIP-QoS
class VOICE-BEARER
priority percent 34
class VOICE-SIGNAL
bandwidth percent 5
class ROUTING
bandwidth percent 2
class NETWORK-MANAGEMENT
bandwidth percent 2
class IPSEC-VPN
bandwidth percent 2
class class-default
(config)# int t203
(config-if)#service-policy output SHAPE-ADSL-UPLINK
NOTHING appears in the config and sh policy-map int t100 shows an unapplied policy.
Using:
c836-k9o3s8y6-mz.123-8.T5
Another bug?
ThxPolicy should read (nested):
policy-map SHAPE-ADSL-UPLINK
class class-default
bandwidth remaining percent 50
random-detect
random-detect ecn
service-policy VoIP-QoS -
DMVPN GRE over IPSEC Packet loss
I have a hub and spoke DMVPN GRE over IPSec topology. We have many sites, over 10, and have a problem on one particular site, just one. First off I want to say that I have replaced the Router and I get the same exact errors. By monitoring the Terminal, I regularly get these messages
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output Authentication error:srcadr=10.X.X.X,dstadr=10.X.X.X,size=616,handle=0x581A
%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=1
The tunnel is up, passes data, and always stays up. This router is a Spoke router. The routing protocol being used is EIGRP. When I do a
Show Crypto isakmp sa, it shows the state as being "QM_IDLE" which means it is up.
When I use the "Show Crypto Engine accelerator stat" this is what I get (Attached File)
You can see that there are ppq rx errors, authentication errors, invalid packets, and packets dropped. I know this is not due to mis-configuration because the config is the same exact as other sites that I have which never have any problems. Here is the tunnel interface and the tunnel source interface on the Spoke Router
interface Tunnel111
description **DPN VPN**
bandwidth 1000
ip address 172.31.111.107 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1300
ip pim sparse-dense-mode
ip nhrp authentication XXXX
ip nhrp map multicast dynamic
ip nhrp map multicast X.X.X.X
ip nhrp map X.X.X.X X.X.X.X
ip nhrp network-id 100002
ip nhrp holdtime 360
ip nhrp nhs 172.31.111.254
ip route-cache flow
ip tcp adjust-mss 1260
ip summary-address eigrp 100 10.X.X.X 255.255.0.0 5
qos pre-classify
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key XXXX
tunnel protection ipsec profile X.X.X.X
interface GigabitEthernet0/0
description **TO DPNVPN**
ip address 10.X.X.X 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip pim sparse-dense-mode
ip virtual-reassembly
duplex full
speed 100
no snmp trap link-status
no mop enabled
Is there anything that you can think of that may becausing this, do you think this can be a layer one or two issue? Thanks
BrendenHave you try to turn off the hardware encryption (no crypto engine accelerator) just to see if it's better. But be careful, cause your CPU% will run much higher, but you only have 10 spokes sites, so it wont be at 100%.
It's better to start troubleshooting by layer 1 then layer 2 when it's possible. Have you ask the site's ISP for packet lost on their side ? -
DMVPN: requires clear crypto sa
My DMVPN worked fine yesterday. However the DMVPN didn't come in. I left it for 20 with no joy.
Once I did a clear crypto sa on the spoke the tunnel came up.
This seems like I'm missing something in my config.
Can someone advise?Sorry my Spokes tunnel config is:
interface Tunnel0
description HO-VPN
bandwidth 100
ip address 10.x.250.6 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication password
ip nhrp map multicast dynamic
ip nhrp map multicast publicIP
ip nhrp map 10.x.250.1 publicIP
ip nhrp network-id aNumber
ip nhrp holdtime 360
ip nhrp nhs 10.x.250.1
zone-member security Zone-TunnelToHO
ip ospf network broadcast
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key aNumber
tunnel protection ipsec profile protect-gre -
Bandwidth utilised for dialog users and VPN encryption for ERP 6.0 ABAP
Hi all,
I have 30 users coming from remote locations to SAP system using centrally connected VPN server which is running with 2 mbps leased line bandwidth.
what is the bandwidth taken for every dialog user on a average 3 sessions always connected.(ERP 6.0 ABAP)
what encryption is suggested during vpn setup ,are there any limitations.
I am trying to explore above mentione and request to please advice based on standard industry best practice experience.
thanks,
Rahul.Hi Rahul,
what is the bandwidth taken for every dialog user on a average 3 sessions always connected.(ERP 6.0 ABAP)
The amount of bandwith used is minimal.. this is well documented, read SAP Note 62418
what encryption is suggested during vpn setup ,are there any limitations.
This is completely up to your company security policies
Regards
Juan -
Applying bandwidth restriction to a VPN
Hello Experts,
I have a L2L vpn configured between two sites on which we route various Intranet traffic like FTP, file copying, etc. I want to limit bandwidth between hosts. Example: 1mbps I want to allocate between Host A lying at site 1 and Host B lying at site 2. Not sure if it is possible, please suggest.
Thanks
ArabindaHere is the config example for VOIP through the VPN tunnel.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
you can use the same logic for your scenario.
thanks
-SYed -
Can QoS be implemented when VPN tunnel bandwidth is unknown?
Is it possible to have some sort of QoS on both sides of a VPN tunnel when the speed at the endpoint is unknown. In other words is it possible to have QoS bandwidth parameters to be automatically detected/adapted to the actual bandwidth?
Hey Martin,
Thanks for your reply. I Think IntServ won't be a solution straight away, I'll try to explain what I would like to do.
What my issue is that I have a few locations who are kind of mobile, and each location connects to the internet via various links, depending on which is available. This link can be a normal ISP which blocks all traffic except port 80 and 443. The connection could be a simple ISDN dialin or a dedicated T1 link.
Because there is a Cisco VoIP router on the mobile location and some users' data should have precedence over others' I would like to implement QoS.
My idea was when I were able to set up a site-to-site SSL VPN tunnel to a router in a datacenter (using Array Network stuff if the Cisco can't do site-to-site SSL) I would have more control over the internetlink. I Would not be limited to using only port 80 and 443: all traffic would just go encrypted and look like normal HTTPS traffic.
It's likely that this VPN link would always consume the maximum available bandwidth. When it is be possible for some QoS mechanism to "detect" the speed of the VPN I could let's say dedicate bandwidth for 4 VoIP calls and the remaining bandwidth can be made available for normal traffic. Note that this normal traffic should have some priority levels too.
Assigning dedicated bandwidth to VoIP isn't a big problem I think, however how can I make x percentage of the remaining bandwidth available to user x and y percentage available to user y?
I Hope I wrote it understandable ;).
Regards
Maybe you are looking for
-
SCCM 2012 R2 Configuration Manager Client Package - stuck "In Progress"
Hi Team; I’m having 2 issues with SCCM 2012 R2: Issue 1: I'm having a strange issue with the default XXX00002 package - "Configuration Manager Client Package", it will not deploy to the Secondary Site DP. The console is saying "In Progress" - below i
-
Attachments open in same tab - i want them to open in a new tab
I work in school recruiter (used for taking work applications for school system) and open a lot of attachments to applications. When I close the attachment, it closes me out of school recruiter. I need the attachments to open in a separate tab. Where
-
How to use outer join on 2 tables with Oracle 8i
Could anyone tell me the Oracle 8i syntax equivalent to : select user.name, city.adress, contry.name from user left outer join city on (user.rCity = city.code) left outer join country on (user.rCountry = country.code) I tried following : select user.
-
Hi, Is there any way to reset the WSDL cache in ESB? I am making changes to a dbadapter wsdl in a ESB project in Jdeveloper and then re-registering it with the ESB console. If you look at the dbadapter wsdl on the server it has been refreshed with th
-
Can't start OBIEE "Analysis" , "xmlpserver" , "ui" , "em"
Hi friends, I have a problem with OBIEE 11g of starting the weblogic. I fact with problem below: when I : Login - http://obiee:7001/em ; I got this message: "*Login is in progress ...*" - http://obiee:7001/ui ; http://obiee:7001/xmlpserver ; I got th