Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kanah
Ambassador
Ambassador

Harmony Connect Remote Access VPN

Hi team,
 
I have 2 queries regarding HCRA VPN. 
I believe there are 2 VPN communication method in HC which are IPsec or GRE.
 
①I believe there is an overhead of encrypted communication, but to what extent is the speed reduced? How much of a speed drop will there be?
 
②In the document, it says that a maximum of 500 Mbps is possible per connector and that a maximum of 5 connectors can be placed at each site. How are actual communications separated and integrated? (We think it can work like a reverse proxy.)
 
 
0 Kudos
3 Replies
Blason_R
Leader
Leader

Hi,

Yes you can build IPsec as well as GRE per site and then users can access the resources through Tunnel. This is not exactly a revere proxy but I would say a reverse tunnel. So once the users are connected to cloud ztna and you already have connectivity from your branch to harmony connect it builds a reverse tunnel and thus users can access resources from their respective branches.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
PhoneBoy
Admin
Admin

IPSec and GRE are both encapsulations, so they will both add extra bytes to each packet sent on the wire.
It means that 5-10% more packets will be required to transmit the same amount of unencrypted data.
That doesn’t include the latency added by encryption, of course.

0 Kudos
kanah
Ambassador
Ambassador

Thank you both for your response. I have tested using my Azure Virtual Machine. There was not much overhead, only 4-5 ms of ping response differences when I connect to HC VPN and do not connect to HC VPN.  There was not much difference of overhead in the throughput as well.

0 Kudos
Upcoming Events

    CheckMates Events