VPN300 - Poor IPSec Throughput
Options
Hello, I have a VPN300 with a site-to-site VPN connection that we are experiencing poor throughput with.
Internet - 300/30Mbps - Static IP
The issue I am running into is that my throughput from downloading a file from x.x.22.56 is about 2MB/s (17Mb/s) which is not anywhere close to what we are expecting. The connection otherwise is extremely stable and the throughput is consistent.
On the remote end packet captures were done and it appears that the VPN300 starts the connection and the mysteriously kills it.
There are no BWM or other traffic shaping configurations.
Any thoughts would be appreciated.
Internet - 300/30Mbps - Static IP
VPN_Connection
- IKEv2
- SA Lifetime: 86400
- AES256/SHA256
- DH14
- Nailed Up / MSS - Auto / Narrowed
Policy
- Local: NAT_23_56 (x.x.23.56/29)
- Remote: DEST_22_56 (x.x.22.56/29)
- Policy Enforcement (Checked)
- SA Lifetime: 28800
- AES256/SHA256
- PFS: None
Inbound/Outbound NAT
Source NAT
- LAN1_SUBNET (x.x.1.0/24)
- Destination: DEST_22_56 (x.x.22.56/29)
- SNAT: NAT_23_56 (x.x.23.56/29)
The issue I am running into is that my throughput from downloading a file from x.x.22.56 is about 2MB/s (17Mb/s) which is not anywhere close to what we are expecting. The connection otherwise is extremely stable and the throughput is consistent.
On the remote end packet captures were done and it appears that the VPN300 starts the connection and the mysteriously kills it.
There are no BWM or other traffic shaping configurations.
Any thoughts would be appreciated.
0
All Replies
-
Maybe the encryption/authentication is too high? Try phase 1 AES128/SHA1 key group DH2 and phase 2 AES128/SHA1 key group none and see what you get.
0 -
We had it lower on a previous connection with the same throughput. We recently transitioned to IKEv2 from IKEv1 for this connection.PeterUK said:Maybe the encryption/authentication is too high? Try phase 1 AES128/SHA1 key group DH2 and phase 2 AES128/SHA1 key group none and see what you get.
0 -
I just ran a few tests with iperf3 and have similar results on another site-to-site connection.[ ID] Interval Transfer Bandwidth
[ 4] 0.00-4.63 sec 10.1 MBytes 2.18 MBytes/sec sender
[ 4] 0.00-4.63 sec 10.1 MBytes 2.18 MBytes/sec receiver[ ID] Interval Transfer Bandwidth
[ 4] 0.00-28.24 sec 50.1 MBytes 1.78 MBytes/sec sender
[ 4] 0.00-28.24 sec 50.1 MBytes 1.78 MBytes/sec receiver
Any help would be appreciated.0 -
So I just ran multiple tests with parallel streams and was able to get the total bandwidth to about 15/17MBps.
What do I need to do in order to achieve this every time even though the applications running across are not maxing it out in this way?1 -
I think you don't need to do other somethings, the throughput of multiple streams is better than single stream. I verified it on my Zyxel ATP device, too. It's the same result just like yours
.
0
Guru Member
Freshman Member
Categories
- All Categories
- 393 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 906 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
