Big speed difference on a network link with and without VPN tunnel

Posted by xirtyllo on Server Fault
Published on 2013-10-22T01:13:56Z

Scenario:

  • We have a network link between two offices.
  • The link is provided by a third-party company through a VLAN on their network, but to us it is totally transparent (as if we had a simple Ethernet cable going from one location to the other).
  • We have one router at each side of the link, with 3 VPN tunnels in between the two.

The test:

  • When I test the speed of the network link with the routers in place, with one laptop directly connected to the router on each side, I consistently get ~30/35Mbps.
  • But if I take out the routers and test the link by connecting the laptops directly to the Ethernet cable at each side, I consistently get ~85/88Mbps.

It's quite a big performance hit, and I would tend to think that the VPN tunnels are responsible for the slowdown.

Is it normal that this configuration (two routers with three VPN tunnels between them) takes away so much bandwidth?

More info:

  • The encryption algorithm used for the VPN tunnels is AES128.
  • The router models are Zyxel USG200 and Zyxel USG1000, and their CPU, memory, and storage use is well within normal limits.
  • The nominal bandwidth of the network link is 100Mbps.
  • The network link in question is supplied by a third-party company (the building in between our two offices). Basically it passes through their network as a VLAN, but the VLAN is completely transparent to us (e.g. no configuration required on our side, just like one single cable from end to end).

Unfortunately (or maybe fortunately) I cannot directly test different router configurations as I'm not the person in charge of it.

© Server Fault or respective owner