12-21-2017 01:58 PM
Hi folks,
We have several IPSec tunnels, but only one is drawing complaints of poor performance with the specific application that the tunnel is meant for. Management is asking for firewall stats to prove whether it is related to an IPSec tunnel/firewall performance issue or not.
I am following this article and see the first twenty ports, but do not know which ones correspond to my tunnel interfaces.
Does anyone have tips for measuring interface throughput and comparing it when looking for performance issues?
12-21-2017 02:17 PM
For something like this I would really recommend simply downloading Pan(w)achrome for a nice visual layout.
If you run 'show interface tunnel.10' and replace your tunnel with whatever one you are actually looking at, you'll see the stats that you can compare to what you are seeing on the port stats to determine which port is actually your tunnel interface. The interface stats that the first command pulls may be enough for what you are looking for as well.
12-21-2017 03:09 PM
Thank you BPry!
That is helpful. It does display bitrate for my tunnel interfaces. I notice the one with the performance complaint, tunnel.6, does have a lower bitrate than the other two. It seems consistent (every time I look at it or refresh).
I wonder if I could capture these stats for graphing?
Any comment about what could be going on with the lower bitrate for this connection tunnel.6 specifically?
12-22-2017 09:30 AM
Hello,
We use NetFlow to determine capacity over time. I wonder if something like that would work in this case?
Cheers!
12-25-2017 02:24 PM
With just these numbers I wouldn't really be able to say anything for certain. One thing that generally happens with tunnels, however, is that the other end has a less than stellar VPN connection. Do you know what the other end's device is, or what the other connection looks like?
12-29-2017 05:02 AM
Thank you for the feedback, folks. Yeah, I tend to believe it's on the other end. I called PA support and looked over my connection, drops, TCP handshake, "health check" and everything looks good on our end. I just wanted to get a head start on troubleshooting our end, before the blame comes my way first...
Thanks again.