USG310 Slow speed site to site vpn ipsec

Tylerd
Tylerd Posts: 2
in Security
Hello,
we have just acquired 2 Zywall usg310 to replace our USG60 in order to increase the speed of the vpn between the 2 sites.

The problem is that we do not exceed 36Mb/s while our old USG60 exceeds 90Mb/s we have two symmetrical 600Mb/s FTTH Link, do you have any idea?

Config :
BWM disabled
Firewall disabled

Phase 1 (Vpn gateway)
IkeV1
Negotiation mode : Main
Encrypt : AES128
Auth : SHA1
PFS : DH2
Nat traversal : actived
DPD : Actived

Phase 2 (VPN connection)
Nailed-up: actived
Replay detection: actived
Netbois broadcad: actived
Auto MSS

Active protocol : ESP
Encapsulation : Tunnel
Encrypt : AES128
Authen : SHA1
PFS : DH2

I tested in smb, sftp and iperf I have the same result


[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec  42.4 MBytes  35.7 Mbits/sec                  sender
[  4]   0.00-10.00  sec  42.3 MBytes  35.6 Mbits/sec                  receiver

All Replies

  • mMontana
    mMontana Posts: 1,405  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    USG60: RFC 2544  VPN througtput 180mbps
    USG310: RFC 2544  VPN througtput 650mbps

    You said that with USG60 90mbs were reached. CPU 100% of the device?
    About MTU, is correctly setup on both end of the connection? you can reach close to the performance limit of your FTTH connection?

    Last but not least: are you aware of some eventual BWM from your ISP?


  • Tylerd
    Tylerd Posts: 2
    mMontana said:
    You said that with USG60 90mbs were reached. CPU 100% of the device?

      - On the USG60 when we are at 90 mbs the Cpu is between 62% and 75% 

    About MTU, is correctly setup on both end of the connection? you can reach close to the performance limit of your FTTH connection?

       -I currently kept the default values ​​(MTU 1500 and the MSS in automatic)

    Last but not least: are you aware of some eventual BWM from your ISP?
      -  not to my knowledge, looking a bit I can't find anything, I opened a ticket with this one
  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    Hello @Tylerd,
    Welcome to Zyxel Community!
    May I know the firmware version of your USG310? and provide the configuration to us for further checking? (you may contact me through private message)
    Thank you.

    James

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)