Support Center > Search Results > SecureKnowledge Details
Large scale support in VPN Remote Access Visitor-Mode Technical Level
Symptoms
  • Slowness when connected with Remote Access VPN in Visitor Mode.
  • Accelerated connections interrupted upon roaming from NAT-T to Visitor Mode.
  • The vpnd process consumes CPU at high level on the Security Gateway when many Remote Access CPN clients are connected in Visitor Mode.
Cause

Usually, when the Remote Access VPN Client connects to the Security Gateway, the VPN tunnel is established on port 4500. When this port is unreachable for some reason, the Remote Access VPN Client switches automatically to Visitor Mode (Roaming), where the packets destined to port 4500 are encapsulated and sent to port 443 on the Security Gateway.

Visitor Mode packets are handled by the VPN daemon (vpnd) in the User Space, unlike NAT-T packets that are handled by the Kernel. Handling Visitor Mode packets in the User Space increases the overhead on the system, and consequently affects the performance of Remote Access VPN connections.


Solution
Note: To view this solution you need to Sign In .