Site to Site IPSEC Vpn throughput slow, help.

[shanebuss]

I have a tz 170 sonicwall and a cisco vpn concentrator linking our dallas any NY office via ipsec.

Both sites have dedicated 100MB cogent lines.

I get 4.7mb throughput over the vpn. It is kind of weird, beacuse even when im pushing a lot of traffic,or no traffic, it always benchmarks at 4.7

teh sonicwall and the cisco concentrator claim speeds much faster than this, so i dont know whats limitting it. I was getting only 2.xmbs under 3des, but under des i'm now getting 4.7. Any ideas? I know its not the cogent line, because i get much faster throughput than that to all internet sites

thanks

 

[LloydSev]

what hash algorithms are you using as well along with the encryption?

Computer/Network Technician
CCNA

 

[shanebuss]

IKE Phase 1

DH group 2
Encrption 3DES
Authentication MD5


IPsec Phase2
protocol ESP
encryption DES (was 3des, but i got a lot more throughput with des)
Authentication MD5
DH group 2

 

[shanebuss]

actually, the cisco concentrator is a 3005. it looks like they max out at 4.7mbs per vpn connection, even though they can handle 100s.

Im guessing this is my issue

 

[LloydSev]

Straight from the Cisco site..

The Cisco VPN 3005 Concentrator is a virtual private network (VPN) platform designed for small to medium-sized businesses that require up to full-duplex T1/E1 (4 Mbps maximum performance) and offering support for up to 200 simultaneous IP security (IPSec) sessions or 50 simultaneous clientless sessions. Encryption processing is performed in software. The Cisco VPN 3005 does not have built-in upgrade capability.

Computer/Network Technician
CCNA

 

[LloydSev]

Seems if you are getting 4.7Mbps, you are experiencing better than designed for transfer rates.

Computer/Network Technician
CCNA

 

[shanebuss]

if i turn encryption off i get 6.5

I just need to get somethign besides the 3005 and i'll be fine.

thanks

 

[LloydSev]

Yeah. Concentrators are great if you can afford them.

Computer/Network Technician
CCNA