RE: VPN Overhead WoW !!!

From: David Prall <dcp_at_dcptech.com>
Date: Fri, 31 Aug 2012 21:44:35 -0400

Find an IPSec overhead calculator and determine what the issue is. As well,
if your PC is configured for a 1500 Byte MTU, and it isn't doing PMTUD, then
your router could be having to fragment the packets. If they fragment before
IPSec, then you are sending 2 IPSec packets for every packet you send,
doubling the overhead. If you are fragmenting after the encryption, then the
router on the other end has to do reassembly, which is 100% process switched
on a Cisco Router and is going to cause major issues. A simple test is to
confirm your MTU; if it is larger than 1400, set it to 1400. Now test again.

A 64-byte IP Packet is 20 Bytes of Overhead and very little data depending
on the protocol used. Now add IPSec on top of that. AES-256 is going to
double the size of the packet. This is why all the speed tests use 1400 Byte
packets.

David

--
http://dcp.dcptech.com
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Cisco Fanatic
Sent: Friday, August 31, 2012 9:01 PM
To: ccielab_at_groupstudy.com
Subject: VPN Overhead WoW !!!

I have this 10 MB Internet connection and doing site-to-site VPN only getting
5 MB checking through speedtest.
I am not sure how but I am told by my ISP that it is due to VPN overhead .. :(
- how true not able to prove.

-Yuri
Received on Fri Aug 31 2012 - 21:44:35 ART
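
Added example, not part of the original thread: a small calculator for the ESP overhead and fragment-before-encrypt cost discussed in the reply above. It assumes ESP tunnel mode over IPv4 with AES-CBC and HMAC-SHA1-96, no NAT-T or GRE, and a 1500-byte link MTU; all function names are hypothetical.

```python
"""ESP tunnel-mode size arithmetic (added example; parameters are assumptions)."""

OUTER_IP = 20     # new IPv4 header added by tunnel mode, no options
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)
LINK_MTU = 1500   # assumed MTU of the link toward the VPN peer


def esp_packet_size(inner_len, block=16, iv=16, icv=12):
    """On-the-wire size of one inner IPv4 packet after ESP encapsulation.

    Defaults model AES-CBC (16-byte block and IV) with HMAC-SHA1-96 (12-byte ICV).
    """
    # Payload plus the 2-byte trailer is padded up to a cipher-block multiple.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return OUTER_IP + ESP_HDR + iv + padded + icv


def max_inner_without_fragmentation(link_mtu=LINK_MTU, block=16, iv=16, icv=12):
    """Largest inner packet whose ESP packet still fits in link_mtu."""
    room = link_mtu - OUTER_IP - ESP_HDR - iv - icv
    return room // block * block - ESP_TRAILER


def fragment_sizes(inner_len, mtu, ip_hdr=20):
    """Sizes of the IPv4 fragments produced when inner_len exceeds mtu."""
    if inner_len <= mtu:
        return [inner_len]
    chunk = (mtu - ip_hdr) // 8 * 8   # non-final fragment payloads are multiples of 8
    payload = inner_len - ip_hdr
    sizes = []
    while payload > chunk:
        sizes.append(ip_hdr + chunk)
        payload -= chunk
    sizes.append(ip_hdr + payload)
    return sizes


def wire_packets(inner_len, link_mtu=LINK_MTU):
    """ESP packet sizes sent when the router fragments before encrypting."""
    limit = max_inner_without_fragmentation(link_mtu)
    return [esp_packet_size(f) for f in fragment_sizes(inner_len, limit)]


if __name__ == "__main__":
    for size in (64, 1400, 1500):   # constructed sample packet sizes
        pkts = wire_packets(size)
        print(f"inner {size:4d} B -> {len(pkts)} ESP packet(s) {pkts}, "
              f"efficiency {size / sum(pkts):.0%}")
```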

This archive was generated by hypermail 2.2.0 : Sat Sep 01 2012 - 08:41:18 ART