USG310 Slow speed site to site vpn ipsec

Posts: 2
in Security
Hello,
we have just acquired 2 Zywall usg310 to replace our USG60 in order to increase the speed of the vpn between the 2 sites.

The problem is that we do not exceed 36Mb/s while our old USG60 exceeds 90Mb/s we have two symmetrical 600Mb/s FTTH Link, do you have any idea?

Config :
BWM disabled
Firewall disabled

Phase 1 (Vpn gateway)
IkeV1
Negotiation mode : Main
Encrypt : AES128
Auth : SHA1
PFS : DH2
Nat traversal : actived
DPD : Actived

Phase 2 (VPN connection)
Nailed-up: actived
Replay detection: actived
Netbois broadcad: actived
Auto MSS

Active protocol : ESP
Encapsulation : Tunnel
Encrypt : AES128
Authen : SHA1
PFS : DH2

I tested in smb, sftp and iperf I have the same result


[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec  42.4 MBytes  35.7 Mbits/sec                  sender
[  4]   0.00-10.00  sec  42.3 MBytes  35.6 Mbits/sec                  receiver

Welcome!

It looks like you're new here. If you want to get involved, click on this button!
Sign In
Register

All Replies

  • Posts: 1,426  Guru Member
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 50 Answers 1000 Comments
    USG60: RFC 2544  VPN througtput 180mbps
    USG310: RFC 2544  VPN througtput 650mbps

    You said that with USG60 90mbs were reached. CPU 100% of the device?
    About MTU, is correctly setup on both end of the connection? you can reach close to the performance limit of your FTTH connection?

    Last but not least: are you aware of some eventual BWM from your ISP?


  • Posts: 2
    mMontana said:
    You said that with USG60 90mbs were reached. CPU 100% of the device?

      - On the USG60 when we are at 90 mbs the Cpu is between 62% and 75% 

    About MTU, is correctly setup on both end of the connection? you can reach close to the performance limit of your FTTH connection?

       -I currently kept the default values ​​(MTU 1500 and the MSS in automatic)

    Last but not least: are you aware of some eventual BWM from your ISP?
      -  not to my knowledge, looking a bit I can't find anything, I opened a ticket with this one
  • Posts: 724  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    Hello @Tylerd,
    Welcome to Zyxel Community!
    May I know the firmware version of your USG310? and provide the configuration to us for further checking? (you may contact me through private message)
    Thank you.

    James

Welcome!

It looks like you're new here. If you want to get involved, click on this button!
Sign In
Register

Welcome!

It looks like you're new here. If you want to get involved, click on this button!
Sign In
Register

Quick Links

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)