Slow internet speed connecting Cisco 3002 to 3005

[ilpadrino]

We have several remote locations with the Cisco hardware clients (Cisco 3002) connecting to the Cisco VPN Concentrator (Cisco 3005). The locations are DSL and internet speed is reduced while the tunnel is established. Is there a way to have internet traffic route through the DSL modem instead of through the tunnel, which is only necessary for internal servers?

 

[308win]

Yes I believe so, on the 3005 configure for split tunneling on the IPSEC configuration page for the group that you configured for the 3002. I'm not 100% positive, but I know that is how you do it for other clients coming into a 3005. There are security issues that you should be aware of. You will be giving remote clients secure access to your network, while also allowing them access to the internet. If the access that they have is not secure, then your entire netowrk is not secure.

 

[ilpadrino]

Is it possible that I need more bandwdith or a better perimiter router (1600) to support the number of locations accessing our VPN Concentrator? We only have 1 T1 and that supports about 350 users plus anywhere from 15-25 VPN software and hardware clients running IPSEC.

We've noticed increases in the 1600 CPU load in recent months after several additional VPN connections. The higher CPU load affects (or slows down) VPN connections first, followed by slower internet for the rest of our users.