VPN300 - Poor IPSec Throughput
Freshman Member
Hello, I have a VPN300 with a site-to-site VPN connection that we are experiencing poor throughput with.
Internet - 300/30Mbps - Static IP
The issue I am running into is that my throughput from downloading a file from x.x.22.56 is about 2MB/s (17Mb/s) which is not anywhere close to what we are expecting. The connection otherwise is extremely stable and the throughput is consistent.
On the remote end packet captures were done and it appears that the VPN300 starts the connection and the mysteriously kills it.
There are no BWM or other traffic shaping configurations.
Any thoughts would be appreciated.
Internet - 300/30Mbps - Static IP
VPN_Connection
- IKEv2
- SA Lifetime: 86400
- AES256/SHA256
- DH14
- Nailed Up / MSS - Auto / Narrowed
Policy
- Local: NAT_23_56 (x.x.23.56/29)
- Remote: DEST_22_56 (x.x.22.56/29)
- Policy Enforcement (Checked)
- SA Lifetime: 28800
- AES256/SHA256
- PFS: None
Inbound/Outbound NAT
Source NAT
- LAN1_SUBNET (x.x.1.0/24)
- Destination: DEST_22_56 (x.x.22.56/29)
- SNAT: NAT_23_56 (x.x.23.56/29)
The issue I am running into is that my throughput from downloading a file from x.x.22.56 is about 2MB/s (17Mb/s) which is not anywhere close to what we are expecting. The connection otherwise is extremely stable and the throughput is consistent.
On the remote end packet captures were done and it appears that the VPN300 starts the connection and the mysteriously kills it.
There are no BWM or other traffic shaping configurations.
Any thoughts would be appreciated.
0
All Replies
-
Maybe the encryption/authentication is too high? Try phase 1 AES128/SHA1 key group DH2 and phase 2 AES128/SHA1 key group none and see what you get.
0 -
We had it lower on a previous connection with the same throughput. We recently transitioned to IKEv2 from IKEv1 for this connection.PeterUK said:Maybe the encryption/authentication is too high? Try phase 1 AES128/SHA1 key group DH2 and phase 2 AES128/SHA1 key group none and see what you get.
0 -
I just ran a few tests with iperf3 and have similar results on another site-to-site connection.[ ID] Interval Transfer Bandwidth
[ 4] 0.00-4.63 sec 10.1 MBytes 2.18 MBytes/sec sender
[ 4] 0.00-4.63 sec 10.1 MBytes 2.18 MBytes/sec receiver[ ID] Interval Transfer Bandwidth
[ 4] 0.00-28.24 sec 50.1 MBytes 1.78 MBytes/sec sender
[ 4] 0.00-28.24 sec 50.1 MBytes 1.78 MBytes/sec receiver
Any help would be appreciated.0 -
So I just ran multiple tests with parallel streams and was able to get the total bandwidth to about 15/17MBps.
What do I need to do in order to achieve this every time even though the applications running across are not maxing it out in this way?1 -
I think you don't need to do other somethings, the throughput of multiple streams is better than single stream. I verified it on my Zyxel ATP device, too. It's the same result just like yours
.
0
Guru Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
