Large drop in download bandwidth when using VPN. Anything can be done?

Tintin
Getting noticed

Large drop in download bandwidth when using VPN. Anything can be done?

Hi!

 

I know there has been a few posts about this before and I understand there will be some throughput loss when connected to the VPN – I just think what I'm seeing is a bit much.

 

For example, on a Wi-Fi with a 100 Mb/s theoretical connection I yesterday got 82 Mbps on the website fast.com which after connecting to our VPN yielded a drop to 22 Mbps. Isn't that a bit much or is this drop to be expected? Anything that can be done?

Hardware is MX 100 with firmware MX 17.10.4

 

 

9 REPLIES 9
alemabrahao
Kind of a big deal
Kind of a big deal

Have you tried disabling the option "Use default gateway on remote network"?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Forgot to mention I in the above test used the Cisco Secure Client application and operating system MacOS Ventura 13.2.1


So thanks @alemabrahao, but no; I haven't tried that. I think ”Use default gateway on remote network” is an option in Windows, right?

alemabrahao
Kind of a big deal
Kind of a big deal

So are using the Anyconnect Client VPN right? Are you using split tunneling?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Yes, AnyConnect VPN is what it says when I open the Cisco Secure Client.app

Setup like this in the AnyConnect Settings in Meraki:

Screenshot 2023-03-21 at 16.49.25.png

alemabrahao
Kind of a big deal
Kind of a big deal

Try specifying the destination traffic only for your LAN networks to validate if it will make any difference.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

OK, thanks. But not sure how to do that. ”Only send traffic going to these hostnames” and adding the details for our LAN?

 

Do I do it for both ”Client Routing” and ”Dynamic Client Routing”?

alemabrahao
Kind of a big deal
Kind of a big deal

Take a look on the documentation.

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance#Client_Routing

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

A bit unsure how to set it up. If I just need VPN tunneling to a few specific IP addresses on our LAN, how do I specify that? Would that help with performance instead of routing all traffic via the VPN (I guess it would)?


Sorry for my ignorance and thanks for the help!

PhilipDAth
Kind of a big deal
Kind of a big deal

As @alemabrahao says - enable split tunneling on AnyConnect.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels