IPsec NAT-T low speed SMB transfer rates
I have been struggling to get IPsec to work properly in a Windows 7 / Windows 2008 R2 environment. I have done several tests and concluded that Win 7 clients behind NAT routers get extremely low SMB speed against a directly connected SMB server with IPsec (without IPsec, speeds are correct). I have tried all possible configurations (reinstalled machines, different IPsec setup etc.) but it always remains the same: clients behind NAT get only 400-700 KB/s while directly connected clients get 7-9 MB/s (tested over a 100 Mbit internet connection in both places). [EDIT] I have now also tested running FTP and get the same strange result: running over IPsec NAT-T I get around ~700 KB/s compared to 9 MB/s running without NAT (still on IPsec). This means there is something going on with IPsec and NAT-T. Has anyone noticed this, or am I missing something? I have also done some initial network packet capturing and everything seems correct. Regards, Jens
January 8th, 2011 10:46am

Maybe your network devices do not support auto-tuning well. You may disable it and check the result. To disable auto-tuning, use the following command:
    netsh interface tcp set global autotuninglevel=disabled
If it does not help, disable SMBv2 in Windows 7 and check if the issue can be resolved:
    sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
    sc config mrxsmb20 start= disabled
January 11th, 2011 4:21am

Will check right away. Using Wireshark, I see that encapsulated ESP/UDP packages are coming in at 590 bytes each. Will get back after testing your suggestion. // Jens
January 11th, 2011 4:24am

No difference... I didn't try to disable SMBv2 since the problem exists for all protocols (RDP, FTP etc.); all are slow. I have tried to understand if fragmentation can cause any issues, but I can't see that they should if we are talking about UDP. I can ping a 1430-byte package at maximum. Any other suggestions?
January 11th, 2011 4:31am
