Support Center > Search Results > SecureKnowledge Details
Slow throughput for Remote Access VPN users connected to Gaia Embedded appliances Technical Level
Symptoms
  • Poor throughput performance between site and Remote Access VPN users.
  • fw ctl zdebug drop shows many drops for "dropped by vpnktcpt_chain_out Reason: vpnk_tcpt have to be tunneled;"
Cause

Remote Access clients by design will always attempt connection to Gateway over UDP port 4500 (NAT-T).
When NAT-T connection is not possible, the client will attempt connection over visitor mode (TCP 443).

More information on Visitor Mode can be found in sk159372 - Visitor Mode in Remote Access clients.


Solution
Note: To view this solution you need to Sign In .