IPSec Remote Access Slows Traffic by More than a Half

Hi,

We have an XG2300 with a 500/500 WAN. At home I have a run-of-the-mill 70/70 FiOS (or thereabouts).

I connect to a file sharing site hosted at my office and I get, on average, 60-70mbs when downloading a file via our public IP address.

I jump on our IPSEC Remote Access VPN and it drops to barely 30mbs when downloading the same file, now from the private LAN address through the VPN.

I understand I could just access it via our internet address with a split tunnel, but I did this deliberately as a test since I have some resources that can only be accessed through the VPN, are slow, and I wanted a way to compare VPN vs no-VPN to try to find the bottleneck.

I have disabled DoS checking and have no IPS or other filtering between the VPN and our LAN. I've tinkered with MTU with no significant difference.

The traffic isn't being blocked -- the file does download. Just slowly.

Three questions:

Is this normal? Is IPSEC expected to cut speeds in half?

Any best practices when it comes to IPSEC RA? I have it configured with the defaultremoteaccess ipsec profile. Client is Sophos Connect on a Mac.

Any way to download the logs and/or packet capture into a PCAP or text file I can post?

Thanks,

Jeff



Edited TAGs
[edited by: emmosophos at 7:07 PM (GMT -7) on 16 Aug 2022]
