This discussion has been locked.

IPsec Tunnel

 Hey Everyone, 

 

I have an IPsec tunnel connecting multiple offices together and was wondering if someone could guide me to a better solution possibly?

 

My question is that I am having data being transferred between the different sites continuously and was curious what the throughput would be for my current setup and if there is a better config that provides good security/speeds?

 

Here's my current config:

IKE: Auth PSK / Enc 3DES_CBC / Hash HMAC_MD5 / Lifetime 28800s / DPD
ESP: Enc 3DES_CBC / Hash HMAC_MD5 / Lifetime 28800s



  • Add overhead by changing to SHA2 and AES or newer encryption.

    Then use ping -f -l  to find the maximum packet that can pass the tunnel without fragmentation. Lower your inside MTU to that value or less. Some overhead is variable, so adjusting downward can be needed. You want to ensure that the packets can have IPsec overhead added without causing fragmentation of the original packet into multiple pieces.
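The overhead the reply above refers to can be estimated before running the ping test. The following is an added example, not part of the reply or the original post: it computes ESP tunnel-mode packet sizes for the poster's 3DES/MD5 suite and for an assumed AES-CBC with HMAC-SHA2-256 replacement. It assumes an IPv4 outer header without options, the standard ICV truncations (12 bytes for HMAC-MD5, 16 for HMAC-SHA2-256) and a 1500-byte path MTU; all function and constant names are illustrative.

```python
# Added example: ESP tunnel-mode size arithmetic over IPv4 (all names are illustrative).
from dataclasses import dataclass

OUTER_IPV4 = 20   # outer IPv4 header without options (assumption)
NAT_T_UDP = 8     # extra UDP header when NAT traversal encapsulation is in use
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte, encrypted with the payload
ICMP_ECHO = 28    # inner IPv4 header (20) + ICMP echo header (8) around ping's payload


@dataclass(frozen=True)
class Suite:
    name: str
    block: int  # cipher block size: the ESP payload is padded to a multiple of this
    iv: int     # per-packet IV carried in clear after the ESP header
    icv: int    # truncated HMAC appended to every packet


# The poster's current suite, and one reading of "sha2 and aes" (assumed: AES-CBC, SHA2-256).
TRIPLE_DES_MD5 = Suite("3DES_CBC / HMAC_MD5", block=8, iv=8, icv=12)
AES_SHA256 = Suite("AES_CBC / HMAC_SHA2_256", block=16, iv=16, icv=16)


def fixed_overhead(suite, nat_t=False):
    """Bytes added to every packet regardless of its length."""
    return OUTER_IPV4 + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + suite.iv + suite.icv


def outer_len(inner_len, suite, nat_t=False):
    """Size on the wire of the ESP packet that carries one inner IP packet."""
    body = inner_len + ESP_TRAILER
    padded = -(-body // suite.block) * suite.block  # round up to the block size
    return fixed_overhead(suite, nat_t) + padded


def max_inner(path_mtu, suite, nat_t=False):
    """Largest inner IP packet whose ESP packet still fits in path_mtu."""
    room = path_mtu - fixed_overhead(suite, nat_t)
    return (room // suite.block) * suite.block - ESP_TRAILER


def ping_payload(path_mtu, suite, nat_t=False):
    """ICMP payload size (the number given to ping -l) that produces max_inner."""
    return max_inner(path_mtu, suite, nat_t) - ICMP_ECHO


if __name__ == "__main__":
    for s in (TRIPLE_DES_MD5, AES_SHA256):
        print(f"{s.name}: inner MTU {max_inner(1500, s)}, ping -f -l {ping_payload(1500, s)}")
```

Treat the computed value as a starting estimate and confirm it with the ping test on the real path, since the path MTU between sites may be lower than 1500.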
