I will really appreciate your help on this.
We have two sites connected across ipsec. One side is running SRX3k and other side has MX Series for ipsec.
We are observing slow data transfer from SRX to MX side at around 700kbps. However, It is around 30-35 Mbps from MX to SRX side. Weird!!!
We took packet capture saw many out of order and TCP previous packet not captured frames. I was curious about mss being the issue. But did not see any fragmentation in the pcap.
Can you try the following configuration and let us know if you still face the same issue :
#set security flow tcp-mss ipsec-vpn mss 1300
If you can Flap the tunnel and try to re-establish the tunnel and try again and check the Bandwidth .
Thanks for the reply. Can you confirm one thing?
Do I have to change on both sides? What are pros and cons doing one or both sides?
Its not mandatory that you need to change on both end . You can change on the Juniper device and see if the VPN tarffic throughput have some improvements .