Poor BOVPN Performance - Packet Loss
We recently replaced a Cisco ASA at our main office with a Firebox, but we're experiencing slightly poorer performance with it with respect to packet loss over our IPsec Branch Office VPNs. Using statistics we gather 24/7 on ping responses sent to each site, before, most of our sites didn't respond to around 0-1% of pings sent to them, whereas now, most of our sites aren't responding to around 2-4% of pings (with one affected site in particular not responding to 7-9% of them now). The times for successful pings are unchanged, though, compared to before, and therefore it seems like the problem is probably just packet loss, for some reason. This is causing various little issues, like with things occasionally timing out, in particular at the one site that's being affected more than the others.
In an effort to try and fix this, I've experimented with modifying the following settings: disabling "Enable TCP SYN packet and connection state verification", enabling "TCP MTU Probing", setting "TCP maximum segment size control" to lower values or to "No adjustment", setting the BOVPN's minimum MTU to lower values, and setting the external interface's MTU to lower values, but nothing seemed to make any difference at all. We don't have any QoS or Traffic Management settings set, for the record.
To be honest, for all I know this may not be restricted to just BOVPNs; we keep these historical statistics for our branch office connections, but I have no prior statistics regarding our connection to the internet's performance. In other words, for all I know it might be our connection to the internet itself that's now performing slightly poorer than it was before, not just BOVPNs. If you all happen to have any clue why this might be happening, I sure would appreciate it.