Just came across this recently and figured I'd share my discovery. When deploying a VPN solution using the Cisco AnyConnect Client over SSL, using JUST the SSL tunnel makes things painfully slow - in the neighborhood of 1-2 Mb per sec, even if bandwidth is adequate on both ends.
The key is to enable the DTLS channel that allows traffic to flow over a UDP tunnel instead of the SSL TCP tunnel (TCP over TCP issue). Initial testing shows bandwidth in the neighborhood of 15-18 Mb on the downstream front (limited now by the client's ISP).
To enable, use the following resource from Cisco and allow the UDP port through to the ASA if it's behind another firewall: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/svc.html#wp1059928