daxa78
asked on
Site to Site VPN vs Remote Client VPN
Hello, i have a question regarding site to site vpn and remote access Vpn.
I currently have a site to site vpn connection between a main office in Norway and a branch office in Shanghai. Using Cisco 5505 ASA. Using the wizard and default encryption.
I also have a site to site connection between the main office here in norway and another location here in norway. That connection i use diffrent ecryption. DES MD5 GROUP2
But the connection is very slow, and many ICMP are lost when i use the ping x.x.x.x -t
When i use the VPN client and connect to the Shanghai office none of the ICMP are lost.
Any suggestions ? Maybe change the encryption level?
Ping Pinging 192.168.10.110 with 32 bytes of data:
Request timed out.
Reply from 192.168.10.110: bytes=32 time=751ms TTL=128
Reply from 192.168.10.110: bytes=32 time=756ms TTL=128
Reply from 192.168.10.110: bytes=32 time=743ms TTL=128
Request timed out.
Reply from 192.168.10.110: bytes=32 time=740ms TTL=128
Reply from 192.168.10.110: bytes=32 time=745ms TTL=128
Request timed out.
Reply from 192.168.10.110: bytes=32 time=738ms TTL=128
Request timed out.
Reply from 192.168.10.110: bytes=32 time=741ms TTL=128
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.10.110: bytes=32 time=747ms TTL=128
Request timed out.
Ping statistics for 192.168.10.110:
Packets: Sent = 16, Received = 8, Lost = 8 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 738ms, Maximum = 756ms, Average = 745ms
I currently have a site to site vpn connection between a main office in Norway and a branch office in Shanghai. Using Cisco 5505 ASA. Using the wizard and default encryption.
I also have a site to site connection between the main office here in norway and another location here in norway. That connection i use diffrent ecryption. DES MD5 GROUP2
But the connection is very slow, and many ICMP are lost when i use the ping x.x.x.x -t
When i use the VPN client and connect to the Shanghai office none of the ICMP are lost.
Any suggestions ? Maybe change the encryption level?
Ping Pinging 192.168.10.110 with 32 bytes of data:
Request timed out.
Reply from 192.168.10.110: bytes=32 time=751ms TTL=128
Reply from 192.168.10.110: bytes=32 time=756ms TTL=128
Reply from 192.168.10.110: bytes=32 time=743ms TTL=128
Request timed out.
Reply from 192.168.10.110: bytes=32 time=740ms TTL=128
Reply from 192.168.10.110: bytes=32 time=745ms TTL=128
Request timed out.
Reply from 192.168.10.110: bytes=32 time=738ms TTL=128
Request timed out.
Reply from 192.168.10.110: bytes=32 time=741ms TTL=128
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.10.110: bytes=32 time=747ms TTL=128
Request timed out.
Ping statistics for 192.168.10.110:
Packets: Sent = 16, Received = 8, Lost = 8 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 738ms, Maximum = 756ms, Average = 745ms
Could you please clarify - you mention 2 vpn tunnels (Norway<->Norway and Norway<->Shanghai). Are both tunnels giving you ping problems or just one (which one)? Any chance you could post your config, 'x'ing out the sensitive information (keys, etc)?
ASKER
The only problem is the shanghai connection. My config is working good but im wondering what changing the encryption level could do with the speed?
Any input guys
Any input guys
by definition, the higher the encryption level, the longer processing time it requires, although I'm not sure that would be particularly noticeable. Is the Shanghai connection of comparable speed to the other Norway internet connection?
ASKER
the shanghai office has a 1mb connection and the norway office has a 3mb connection.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The thing is that it is not 1mb to norway it is 22k
didn't your last post say norway office has a 3mb connection??
ASKER
The 1 mb is local in china but speed test to norway is only 22k. Meaning it a lot of bandwidth is lost on the way.
in that case I would definitely follow the link I posted previously to adjust the mtu size down for the 22k link