Establishing Performance and Stability for VPNs

Now that you have an in-depth understanding of the many options available to you for VPNs, as well as other secure access protocols, it is time to discuss some of the challenges you might encounter when supporting your VPN. For your VPN rollout to be successful, consider two factors: performance and stability.

Performance

The performance of a VPN on the network affects many forms of communication differently. The type of VPN selected directly affects its performance. Some critical factors can affect the performance of your VPN:

NOTE

Do not forget time-of-day considerations when investigating load-related performance issues. You will generally find your peak times for VPN use will be first thing in the morning, as employees get started for the day; after lunch, when everyone comes back from the break; and at the end of the business day. If performance issues arise, be sure to note the times of day to help correlate the data and identify root causes or at least common factors.

  • VPN type—The performance characteristics of a VPN supporting remote clients can be very different from the performance characteristics of a VPN supporting site-to-site connections, or even a mixture of remote clients and site-to-site connections.
  • Protocol—The performance characteristics associated with an IPSec VPN can be very different from what you may find with an SSL VPN implementation. How you apply IPSec and SSL/TLS in a VPN solution can affect your VPN’s performance. Validating the performance specifications of the solution before you roll it out into production should address any performance issues associated with the protocol startup.
  • Load—The number of remote access or site-to-site VPNs will affect the overall performance of your VPN rollout. The challenge in addressing this issue, particularly in an environment supporting a large pool of remote clients, is that the performance issues will tend to crop up during peak use. To appropriately diagnose these issues, you will need to understand the network and usage fluctuations to identify times of peak usage. Many of the current reporting tools available for VPNs tend to show averages over time, which can hide peaks and valleys in the use numbers. Be sure you fully understand these performance reports.
  • Client configuration—In a remote VPN connection, much of the performance is actually related to the client’s capabilities. If the remote client is running on old hardware with limited memory and an underpowered processor, the overhead associated with encrypting the traffic will affect performance of the VPN connection. Another factor contributing to overhead is other programs and processes running on the remote PC. If the user is running a memory-intensive application such as a photo editing suite, you may find that this resource impact reduces the performance of the VPN.
  • Bandwidth—The bandwidth available to your VPN can have a significant impact on its performance and can vary widely among the remote hosts and gateways. If your VPN is supporting site-to-site VPNs connecting two locations, the bandwidth allocated at either (or both) ends of the connection may affect performance. You may find, for example, that an unreliable DSL connection at a remote client location creates unacceptable delays for the user.
  • Topology—Depending on the location of your VPN endpoints, the topology may affect performance. For example, if your VPN connection has to traverse a firewall or a proxy server, you may find reduced performance depending on how well those devices handle the VPN traffic.
  • Encryption level—The higher the encryption level, the stronger the security, but also the greater the impact on the memory and processor of the endpoint devices. That being said, you should always run the highest encryption available. If you suspect encryption is causing performance issues, you can look into a dedicated processor for handling encryption or upgrading the processing capabilities of the central processor.
  • Traffic—An issue related to bandwidth is traffic loads. Let’s say the sales department likes to stream video of baseball games across the computer network on Wednesday afternoon, and you have VPN performance issues during that time. Increasing bandwidth may fix the problem but does not really address the root cause, which is a traffic spike rather than too little bandwidth. To diagnose a performance issue related to traffic, devise a way to look at the traffic on your network. Another facet of this issue is what the traffic load looks like across the VPN. Do your remote users store their documents on servers in the core network for backups and security? If you are running your VPN with split tunneling disabled, are remote users doing web browsing through the VPN connection? Optimizing traffic within the VPN and on the outside network can go a long way toward ensuring that you do not encounter performance issues.
  • Client version—Sometimes, the software version installed on the client can affect performance. Managing older versions on remote devices can be very difficult depending on how your organization manages those devices. Keep your clients up to date, and you should be able to avoid any performance issues related to client versions.
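
The point made in the Load item and the NOTE above, that averaged reports hide peak-time load, shown as an added example that is not from the original text: it rebuilds per-minute concurrency from session login/logout records and compares the daily mean with each hour's peak. The session data, the 50-session capacity figure, and all function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_sessions():
    """Constructed (login, logout) accounting records; not real data."""
    day = datetime(2024, 3, 4)
    sessions = [(day + timedelta(hours=7), day + timedelta(hours=19))] * 10
    # Bursts at start of day, after lunch, end of day: (hour, users, minutes)
    for hour, users, minutes in [(8, 60, 45), (13, 40, 30), (17, 50, 40)]:
        for i in range(users):
            start = day + timedelta(hours=hour, minutes=i % 10)
            sessions.append((start, start + timedelta(minutes=minutes)))
    return sessions

def concurrency_by_minute(sessions):
    """Sweep login/logout events into a per-minute concurrent-session count."""
    delta = defaultdict(int)
    for start, end in sessions:
        delta[start] += 1
        delta[end] -= 1
    first, last = min(delta), max(delta)
    counts, active, t = {}, 0, first
    while t < last:
        active += delta.get(t, 0)
        counts[t] = active
        t += timedelta(minutes=1)
    return counts

def hourly_report(counts, capacity):
    """Return the daily mean, per-hour (mean, peak), and over-capacity hours."""
    per_hour = defaultdict(list)
    for t, n in counts.items():
        per_hour[t.hour].append(n)
    daily_mean = sum(counts.values()) / len(counts)
    hours = {h: (sum(v) / len(v), max(v)) for h, v in sorted(per_hour.items())}
    over = [h for h, (_, peak) in hours.items() if peak > capacity]
    return daily_mean, hours, over

if __name__ == "__main__":
    counts = concurrency_by_minute(build_sample_sessions())
    mean, hours, over = hourly_report(counts, capacity=50)
    print(f"daily mean concurrent sessions: {mean:.1f}")
    for h, (avg, peak) in hours.items():
        flag = "  <-- over capacity" if h in over else ""
        print(f"{h:02d}:00  mean={avg:5.1f}  peak={peak:3d}{flag}")
```

On this sample the daily mean sits far below the capacity figure while two hours exceed it, which is the gap an averages-only report conceals.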

Stability

To ensure a successful VPN deployment, the implementation must be stable. Stability refers to the ability of the VPN solution to stay “up” and available with consistent performance (no dropped connections or drag). Some factors that can affect VPN stability include:

  • Configuration—Ultimately, how you configure the VPN will have a major impact on your VPN deployment. Check your internal VPN configuration, and factor stability into your initial design. If access to the network through the VPN is mission-critical, you should ensure use of a configuration that includes some level of high availability or failover.
  • Location—Consider placement of the VPN in the network. If the VPN connection has to traverse three firewalls, multiple local routers, and a proxy server, you may find that the connections are not as stable as needed.
  • Software version—The version of VPN software (or in the case of a hardware VPN, the concentrator code) can have a significant impact on the stability of the rollout. Be sure to keep the VPN software updated. Careful testing of all software version updates is essential prior to release into the production environment.
  • Underlying OS—The OS on which you run your VPN can definitely affect the stability of your VPN implementation. A VPN running on an old Windows OS might have issues with the dreaded blue screen of death. A hardware-based VPN could run into challenges if there are firmware or OS issues, although those problems are typically less common than with an OS-based solution. The number of lines of software code needed to run a hardware VPN is quite a bit smaller than in current OS code. The leaner and more precise the software, the less risk you run of issues with the OS.

While these lists contain many of the most common sources of performance issues you may encounter, be sure to reference your troubleshooting processes and procedures when diagnosing VPN performance and stability issues.
