Dynamic-VPN speed issues
11-06-2009 12:14 PM
Hello experts,
Quick question from a new Juniper guy. We have dual SRX240s in an HA config. Everything is working there. We have also set up the dynamic VPN, and it is working fine authenticating to a RADIUS server (actually a Cisco ACS server). The problem is that once connected the speeds are slow. Pings go through in our test bed at < 1ms, but when we RDC to a remote device it takes about 5 minutes to even render the logon screen. We have tried this with different users/computers but keep getting the same results. We set this up as noted in the AppNote compiled October 2009. Any ideas?!?
Re: Dynamic-VPN speed issues
11-06-2009 03:34 PM
Sounds like an MTU issue to me. Have you tried pinging through the VPN using larger packet sizes?
On Windows: ping -l 1500
Or whatever your MTU is on the network, to see what's going on. I'm not sure how to suggest fixing it though, as I'm not familiar with Dynamic VPN. Perhaps someone else could chime in?
Re: Dynamic-VPN speed issues
11-06-2009 11:50 PM
Try lowering TCP-MSS. You could be having issues due to fragmentation.
set security flow tcp-mss ipsec-vpn mss 1350
-Richard
Re: Dynamic-VPN speed issues
11-10-2009 08:10 AM
Thanks guys. I will try these things out hopefully today. Appreciate the help. I will let you all know the results.
Re: Dynamic-VPN speed issues
11-17-2009 07:39 AM
OK, I had missed a step in the config, and forgot to apply the ACL to let traffic for that particular VPN through. Got it in there and it works great. Funny that there was even a connection in the first place with that missing.

