All Barracuda Firewalls running site-to-site VPN to Amazon AWS
You may find that your site-to-site VPN tunnel to Amazon AWS is passing traffic slowly or dropping packets even if the tunnel itself is up and stable. If this is the case, there are a few things you may want to check on the Barracuda and on the AWS side:
If you have multiple networks behind the Barracuda using the same VPN tunnel, it is recommended to separate them into individual tunnels to AWS, because sharing one tunnel sometimes causes multiple phase 2 attempts, resulting in severe latency. For example, let's say you have two internal networks behind your Barracuda (192.168.1.0/24 and 172.16.1.0/24). Instead of creating one VPN tunnel with both of those networks in the "local networks" field, make a separate tunnel for each network. If you want to have multiple networks on one tunnel, you will need to add those networks to the static routes table on the AWS VPN connections page (VPC Management Console > VPN Connections > Static Routes).
Check the firewall rule on the Barracuda side to see how many networks are referenced in the source column. If you have multiple networks behind the Barracuda using the same VPN tunnel, it is recommended to create a separate rule for each network.
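One way to check the static-routes condition above when several networks share one tunnel, as an added example (not Barracuda or AWS code): it reads JSON shaped like the output of `aws ec2 describe-vpn-connections` and lists the local networks that no active static route covers. The sample JSON, the connection ID and the function name are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-vpn-connections` output.
# The connection ID and route entries are placeholders, not from the article.
SAMPLE = json.loads("""
{"VpnConnections": [{
  "VpnConnectionId": "vpn-EXAMPLE",
  "State": "available",
  "Options": {"StaticRoutesOnly": true},
  "Routes": [
    {"DestinationCidrBlock": "192.168.1.0/24", "Source": "Static", "State": "available"},
    {"DestinationCidrBlock": "172.16.0.0/16", "Source": "Static", "State": "deleted"}
  ]
}]}
""")


def missing_static_routes(description, local_networks):
    """Map each VPN connection ID to the local networks that no active
    static route on that connection covers (hypothetical helper)."""
    result = {}
    for conn in description.get("VpnConnections", []):
        # Only routes in the "available" state carry traffic; skip the rest.
        active = [
            ipaddress.ip_network(r["DestinationCidrBlock"])
            for r in conn.get("Routes", [])
            if r.get("State") == "available"
        ]
        gaps = []
        for cidr in local_networks:
            net = ipaddress.ip_network(cidr)
            covered = any(
                net.version == route.version and net.subnet_of(route)
                for route in active
            )
            if not covered:
                gaps.append(cidr)
        result[conn["VpnConnectionId"]] = gaps
    return result


if __name__ == "__main__":
    # The two internal networks from the article's example.
    local = ["192.168.1.0/24", "172.16.1.0/24"]
    for vpn_id, gaps in missing_static_routes(SAMPLE, local).items():
        print(vpn_id, "missing static routes for:", gaps or "none")
```

Feed it the real output by replacing `SAMPLE` with the parsed JSON from the CLI; a route that exists but is not in the `available` state is reported as missing.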