Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec Remote Access Slows Traffic by More than a Half


We have a XG2300 with a 500/500 WAN. At home I have a run-of-the-mill 70/70 FiOS (or thereabouts)

I connect to a file sharing site hosted at my office and I get, on average, 60-70mbs when downloading s file via our public IP address.

I jump on our IPSEC Remote Access VPN and is drops to barely 30mbs when downloading the same file, now from the private LAN address through the VPN. 

I understand I could just access it via our internet address with a split tunnel, but I did this deliberately as a test since I have some resources that can only be accessed through the VPN, are slow, and I wanted a way to compare VPN vs no-VPN to try too find the bottleneck.

I have disabled DoS checking and have no IPS or other filtering between the VPN and our LAN. I've tinkered with MTU with no significant difference.

The traffic isn't being blocked -- the file does download. Just slowly.

Three questions:

Is this normal? Is IPSEC expected to cut speeds in half?

Anything best-practices when it comes to IPSEC RA? I have it configured with the defaultremoteaccess ipsec profile. Client is Sophos Connect on a Mac.

Any way to download the logs and/or packet capture into a PCAP or text file I can post?



This thread was automatically locked due to age.