Remote Access VPN options

Atif Sajid · Guest

Hello all,
my dialup users are experiencing very slow VPN connections when they connect
to our PIX 515E (multiple on different locations). VPN 3000 Concentrators
are very expensive and out of question. The other option that I have is to
get an unrestricted license and install VPN Accelerator in PIX 515.
However, at the same time I am thinking of buying 3600 routers to act as
perimeter equipment for our network edges. I can also use 3600 routers as
"Easy VPN Server" because those routers won't be doing any routing but just
sitting as gateway. Does anyone know what type of access-vpn performance
should I expect from these routers configured as Easy VPN Server. Can I
compare it to a 515E installed with VPN Accelerator cards. Any real-life
experiences or hints???
Thanks in advance.

Regards

Atif

Walter Roberson · Guest

In article <xfEQa.47$I4.8@nwrdny01.gnilink.net>,
Atif Sajid <atif.sajid@verizon.net> wrote:
:my dialup users are experiencing very slow VPN connections when they connect
:to our PIX 515E (multiple on different locations). VPN 3000 Concentrators
:are very expensive and out of question. The other option that I have is to
:get an unrestricted license and install VPN Accelerator in PIX 515.

What load figures are you seeing on the 515E's? How much traffic are
they carrying?

There is no point in spending money on a VPN+ card if the encryption
is not significantly loading your PIX.

In our experience, the single greatest cause of slow VPN traffic
is network latency. Have you tried putting a PC just outside your
515E and measuring the throughput you get then? When we did that,
we found that a PIX 501 <-> PIX 525 ran at pretty much the rated
maximum for the 501 -- much much faster than the same 501 appeared
to achieve when connected 1500 miles away. Latency, latency, latency!

--
I predict that you will not trust this prediction.

RC · Guest

What are you using for the VPN client? Software clients can be slow,
depending on the encryption level, CPU speed, and RAM. And if you are using
Microsoft's make sure you uncheck the "Use Default Gateway on remote
network" unless you want ALL the users internet traffic going through the
PIX and back out.

How's the performance when only one user is connected? If it's still slow,
I'd be looking at the client, otherwise the PIX.

What's the CPU utilization on the PIX when the VPN is slow?

"Atif Sajid" <atif.sajid@verizon.net> wrote in message
news:xfEQa.47$I4.8@nwrdny01.gnilink.net...

MysteryWife · Guest

Also remember...dial up users always experiance slow connections. That is
why it is called slow-speed internet! :-)

"Atif Sajid" <atif.sajid@verizon.net> wrote in message
news:xfEQa.47$I4.8@nwrdny01.gnilink.net...

Jocelyn · Guest

Hi,

if you have a PIX-515E-UR it comes with a VPN accelerator and it can
handle more traffic/tunnel that a VPN3030 or a Cisco 3600.

Check your MTU size... and try connecting a PC just in front of the
PIX to see what kind of performance you get.

Hope this help
Jocelyn

"Atif Sajid" <atif.sajid@verizon.net> wrote in message news:<xfEQa.47$I4.8@nwrdny01.gnilink.net>...