Ping drop issue when bandwidth utilization above 25 mbps in IPsec site to site VPN Tunnel

SagarKotadiya · ‎09-29-2022

We have 100F device (OS 7.0)with 42 mbps at head office and 50E device (OS 6.2.11) with 35 mbps at branch office.

we observe ping getting drop if bandwidth utilization reached above 25 mbps.

jintrah_FTNT · ‎09-29-2022

Hi,

Is the drop only on icmp traffic over vpn at 25mbps or more?

Best regards,

Jin

SagarKotadiya · ‎09-29-2022

icmp traffic and also ssh session disconnect

jintrah_FTNT · ‎09-29-2022

Ok, so it mean all traffic getting affected in the path. You should check if the esp packets send from one end are received on the other. If there is any drop determined in the path for esp traffic, you can engage ISP to check or redirect the traffic through an alternate path for you.

Best regards,

Jin

gfleming · ‎09-29-2022

It is possible your 50E is overloaded. Max IPSec throughput for that box is 90Mbps. That's with no other services running. So if you are also doing NGFW inspection, etc you may be overloading it.

Alternatively you might be hitting buffer bloat on the ISP WAN Link if you are saturating it. Are your WAN link speeds symmetrical? 42mbps up/down and 35mbps up/down? What is the total utilization of your WAN links? Hitting 100% ever?

Cheers,
Graham

Ping drop issue when bandwidth utilization above 25 mbps in IPsec site to site VPN Tunnel

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website