Increasing data transfer on a firewall to firewall vpn connection

Discussion in 'Cisco' started by providencebuddy@yahoo.com, Jun 14, 2005.

  1. Guest

    Hi,
    I'm a newbie when it comes to networking equipment, but I have a
    question. How can the data transfer rate in a secure connection between
    one firewall and another firewall be increased? I believe we have
    established some sort of vpn connection between the two.

    I assume the parameters in this case might be
    1) The internet data lines connecting the sites
    2) The processing power of the devices doing some sort of
    encoding/decoding on both sides of the link.

    I'm just clueless as to where the bottleneck resides.
    Thanks for your help
    , Jun 14, 2005
    #1

  2. In article <>,
    <> wrote:
    :I'm a newbie when it comes to networking equipment, but I have a
    :question. How can the data transfer rate in a secure connection between
    :one firewall and another firewall be increased? I believe we have
    :established some sort of vpn connection between the two.

    :I assume the parameters in this case might be
    :1) The internet data lines connecting the sites
    :2) The processing power of the devices doing some sort of
    :encoding/decoding on both sides of the link.

    :I'm just clueless as to where the bottleneck resides.

    If you are seeing 1/2 to 2/3 of the maximum performance, then
    you might be fragmenting packets, and your MTUs may need to be
    adjusted (or Path MTU Discovery turned on.)

    If you are seeing -very- poor performance, especially in one
    direction, then there is likely a duplex mismatch.

    The kind of encryption you choose can make a difference, especially
    if the encryption you choose does not happen to be one of the
    ones that is hardware-accelerated. And hardware acceleration can be
    funny -- they might have optimized a particularly common type
    of encryption more than a less-common but less complex encryption.

    If you have AH (authentication header) turned on, or are using
    NAT-T (NAT Traversal) then there are additional processing overheads
    for the IPSec encapsulation.

    Latency can be a real bug-bear. On a particular 1000-mile long link
    that we have, when we measure the throughput we find that it is
    close to the maximum expected, but the latency is high enough
    that doing interactive X Windows graphics work is painful.

    For larger transfers, latency effects can be reduced by using
    larger windows, including possibly by using the tcp window-size
    extensions.
    --
    'ignorandus (Latin): "deserving not to be known"'
    -- Journal of Self-Referentialism
    Walter Roberson, Jun 14, 2005
    #2
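
Added example, not part of the original posts: a calculator for two effects the reply describes, per-packet IPsec encapsulation overhead against the path MTU (including the extra bytes for NAT-T and AH) and the throughput ceiling that latency puts on a fixed TCP window. It assumes IPv4, ESP tunnel mode with a CBC cipher and a 12-byte HMAC-96 ICV; the 1500-byte MTU, 50 ms round-trip time and 100 Mbit/s link are constructed sample values, not figures from the thread.

```python
# Added example; assumes IPv4, ESP tunnel mode, CBC cipher, 12-byte HMAC-96 ICV.
# MTU, RTT and link-speed figures below are constructed sample values.
OUTER_IP = 20      # outer IPv4 header, no options
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes (encrypted)
ICV = 12           # truncated HMAC-96 integrity check value
NAT_T_UDP = 8      # UDP header added by NAT Traversal
AH_HDR = 12 + ICV  # AH fixed fields + ICV; assumes ESP keeps its own ICV too

CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}  # name: (block, IV) bytes

def fixed_overhead(cipher, nat_t=False, ah=False):
    """Bytes added to every packet, excluding block padding."""
    _, iv = CIPHERS[cipher]
    return (OUTER_IP + ESP_HDR + iv + ICV
            + (NAT_T_UDP if nat_t else 0) + (AH_HDR if ah else 0))

def outer_size(inner_len, cipher, nat_t=False, ah=False):
    """Size on the wire of one encapsulated inner IP packet."""
    block, _ = CIPHERS[cipher]
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // block) * block   # round up to cipher block size
    return fixed_overhead(cipher, nat_t, ah) + padded

def max_inner_packet(path_mtu, cipher, nat_t=False, ah=False):
    """Largest inner packet that is not fragmented after encapsulation."""
    block, _ = CIPHERS[cipher]
    room = path_mtu - fixed_overhead(cipher, nat_t, ah)
    return (room // block) * block - ESP_TRAILER

def window_limited_bps(window_bytes, rtt_s):
    """Throughput ceiling of one TCP connection: one window per round trip."""
    return window_bytes * 8 / rtt_s

def window_needed(link_bps, rtt_s):
    """Bandwidth-delay product: window (bytes) needed to fill the link."""
    return round(link_bps * rtt_s / 8)

if __name__ == "__main__":
    for name in CIPHERS:
        for nat_t in (False, True):
            inner = max_inner_packet(1500, name, nat_t)
            print(f"{name:9} nat_t={nat_t!s:5} max inner={inner} TCP MSS={inner - 40}")
    print("1500-byte packet over aes-cbc becomes", outer_size(1500, "aes-cbc"))
    print("64 KiB window @ 50 ms:", window_limited_bps(65535, 0.05) / 1e6, "Mbit/s")
    print("window to fill 100 Mbit/s @ 50 ms:", window_needed(100e6, 0.05), "bytes")
```

A full-size 1500-byte inner packet grows past the 1500-byte path MTU once encapsulated, so it is fragmented unless the inner MTU or TCP MSS is lowered to the computed limit; a window requirement above 65535 bytes is the case where the TCP window-scaling extension is needed.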