SRX

Hi all,

I am experiencing slow file transfers between my main site that uses an SRX240 and my remote site that uses an SRX210. I am transfering large files from one storage server to another.

For example I am transfering large files between my storage servers roughly around 10 GB and I am assuming I am getting under 100k per second since it's been running for almost a day now

When I copy a 180MB file from my Windows 7 machine to the storage server I get 350K a second transfering a 180MB file.

VPN PROPOSALS

description g2-esp-aes128-sha;
protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-128-cbc;
lifetime-seconds 28800;

SPEED TEST RESULTS

My main office

download = 9MBps

upload = 7.31 MBps

Remote office

download = 4.32 MBps

upload = 1.6 MBps

SHOW SECURITY IPSEC SECURITY-ASSOCIATIONS

DF-bit: clear
    Direction: inbound, SPI: 8254c24e, AUX-SPI: 0
    Hard lifetime: Expires in 17760 seconds
    Lifesize Remaining:  Unlimited
    Soft lifetime: Expires in 17181 seconds
    Mode: tunnel, Type: dynamic, State: installed, VPN Monitoring: UP
    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
    Anti-replay service: enabled, Replay window size: 64

    Direction: outbound, SPI: 47b73a4c, AUX-SPI: 0
    Hard lifetime: Expires in 17760 seconds
    Lifesize Remaining:  Unlimited
    Soft lifetime: Expires in 17181 seconds
    Mode: tunnel, Type: dynamic, State: installed, VPN Monitoring: UP
    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
    Anti-replay service: enabled, Replay window size: 64

I am not sure if this has something to do with my WAN connection speeds or how I setup my VPN's. Is there a way I can dedicate a certain amount of traffic specifically for the site-to-site VPN's and is there anything else I should use to troubleshoot this issue. Any help would be highly apprieciated.

Best Regards,

G

Hi all, I set the security flow tcp-mss mss 1420 on both sites.

On my computer I am getting 512 Kbps transfers

But on another computer I am getting 33/Kbps transfers

I have two SRX 240 connect via a T1 VPN and there are no issues.

Try to monitor the interface via the cli or jweb.

cli

> monitor interface (interface name) fe or ge

Hi Yipster thanks for your reponse, this is my results when I monitor my interface the speeds still seem slow 20kbps is there a way to set an specific ammount of bandwidth only for a vpn tunnel.

Thanks

Fixed the issue. MTU set on the tunnel interface is set to 9000 causing alot of fragmentation. FYI change to a lower value

HI,

Could you provide the command you did. I tried:

set security flow tcp-mss all-tcp mss 1420 and set security flow tcp-mss ipsec-vpn mss 1420

But when i monitor the st0.0, it still says that the MTU is at 9192

Thanks in advance,

Hi,

I am having a similar issue with a route based tunnel between two srx210s. To adjust the tunnel interface enter the following;

set interfaces <interface name> unit 0 family inet mtu <mtu value>