I have had a non-meraki site-site vpn tunnel that worked great...until I loaded 14.24.
After installation of 14.24 the throughput went from 2.2mbs to 0.4mbs.
Nothing else changed other than the firmware update.
I did downgrade to 13.28...problem has stayed.....I even had support upgrade back to 14.23 (last known good) and that didn't work either.
Has anyone else had throughput issues with non-meraki tunnels recently?
I haven't had issues, but there are some things you can try on a Windows client on one end:
Perhaps you are having asymmetric timing issues, often caused by an asymmetric circuit (such as ADSL), try:
netsh int tcp set global timestamps=enable
Perhaps you are now experiencing an MTU squeeze. Locate your current interface with:
netsh interface ipv4 show subinterface
Then run this command to change the MTU (change "Local Area Connection" to the adaptor name above):
netsh interface ipv4 set subinterface “Local Area Connection” mtu=1400
If this works then make the change permanent with:
netsh interface ipv4 set subinterface “Local Area Connection” mtu=1400 store=persistent
That's the thing....I changed that tunnel to my ASA instead of the Meraki and the throughput immediately came back. No other changes we made on the server.
ASA's usually have an MSS adjust configured on them, which mitigates MTU squeezes.
Perhaps try the MTU test and see what impact it has - if any.
I just remembered something important.
The MX line have terrible 3DES throughput. Make sure you are using AES.
Changing to AES now...and testing again....
AES fixed it....now I am going back to make sure ALL of my non-meraki peers are set to AES.
Thanks for the help.
Not really sure why support didn't tell me that??
It is not a well known issue. That's why it took me so long to remember.
ps. Nobody should be using 3DES anymore. 🙂