Security

We are testing if Aruba Via for your remote access vpn, we current got Cisco anyconnect.

Right now we are testing it on a Aruba 7030 controller, im running Via 3.4.2 and ArubaOS 8.4.0.6.

Its running IkeV2 with eap-tls.

The Via client is working fine, but im getting about 60-70 mbit on ipsec and if i force it to do ssl im only getting 10-20 mbit.

Its proberly the pc thats has the issuer here, its a Dell Intel I5-7300U.

Can i do something to get the ssl speed up? iv tried a lots of ciphers.

Help is really needed cause we need to report back to our chief next week if we think its good enough or not, should i got down to IkeV1?

Morten

SSL would always be slower than ipsec and is considered a failback mechanism, really.  Any cipher with AES would give you the best performance, in general.

EDIT Below

My post was inaccurate:

I meant to say that Ipsec over TCP has less performance than ipsec over UDP, in general.

To be specific:

The “SSL Fallback” option is just using IPsec over TCP port 443.  It’s still 100% IPsec traffic otherwise, just not using ESP for the communication protocol to help with some older firewalls that don’t let it through (NGFW systems shouldn’t allow it either as it’s not TLS/SSL traffic so they still need to open either a generic TCP 443 connection or allow ESP on non-proto 50 protocols).

Hi.

I think we would have to "live" with the slow speed on ssl fallback, most of the user would be on ip sec prob. 99% now i just need to fix the issue with the via client crashin when i overload the ssl fallback connection with to much traffic but my local SE is on it, thx for the reply