I'm facing some challenges with our VPN setup at work. We have an IPSEC VPN connection to vendor-managed servers in Azure, but we're experiencing slow data transfer speeds of around 160-250 Mbps, which becomes a significant bottleneck when handling multi-gigabyte files. There's also noticeable packet loss, which is concerning for our business operations. Our firewall is a Sonicwall NSA3700 and it's on Gigabit Fiber, so bandwidth doesn't seem to be the issue. We're using IKE V2 for the tunnel with both AES256 and AESGCM256 encryption, but adjustments haven't improved performance. I've checked that Deep Packet Inspection is disabled and I'm unsure where else to look for possible causes. Any advice would be greatly appreciated!
3 Answers
Make sure you're using the correct MTU settings on both sides. Also, check how much speed you're paying for with the VPN gateway in Azure and for the disk. If you're not handling the Azure payments directly, get in touch with your vendor for that info.
You might also need to consider enabling TCP MSS Clamping on your WAN interface, alongside setting the MTU. I used some notes from when I set up a site-to-Azure VPN recently, and it was really helpful!
You might want to check the VPN gateway SKU your vendor is using in Azure. That can impact performance significantly.
I don’t know that information offhand, but I’ll ask them for details.
First off, 250 Mbps over IPSEC to Azure is pretty standard, so it might not be as bad as it seems. Just keep in mind that many hardware platforms cap IPSEC tunnels at this speed unless you opt for more expensive options. Even then, you’ll be limited by the hardware and your ISP's bandwidth.
The disk itself is fast for copying data across VMs, but I need to confirm the bandwidth details with my vendor.