I've been implementing a ER-PRO at our office last week.
I already had an ER-LITE at my home address.
Both sites have a 100/100 Mbit fiber connection.
If I do speedtest on both I also get the expected throughput.
Both use PPPOE for the WAN-Port
I've configured a VTI tunnel between then (DH14 / AES128/SHA).
This works fine, but throughput is disappointing.
I want to backup files from office to home location.
I only get a max of 40 Mbit throughput from the ER-PRO to the ER-LITE.
At this point the ER-PRO is at about 10% CPU load and the ER-LITE is at about 70% CPU load.
If I test the other way from ER-LITE to ER-PRO I get +/- 70 Mbit. At that point the ER-LITE gets to 100% CPU so for encrypting that's probalbly the max I can get out of the ER-LITE.
I would expect though that pushing it from the ER-PRO to ER-LITE would be faster.
I use the zone based firewall. and have created a seperate zone for the VTI.
My question is: Is this the maximum throughput I could possibly get of am I missing something here.
I'm hoping to get at least the same result from ER-PRO to ER-LITE as I see the other way, hopefully better.
I've been messing around with the MTU on the ER-PRO to get internet up an running correctly so maybe the're something to be optimised there.