>Did you check your IPSec offload settings?
Yes, I tried this both ways - see post #5. I believe the default is offload. Also, the CPU is definitely not swamped.
>Did you use the wizard to build the L2TP tunnel?
No, I configured it manually from the various sources here. I am not aware there is a wizard for L2TP
>Cause your issue looks kinda like this one, so the MSS clamping value might be the problem
Thanks, so now I tried the clamping using the TCP MSS clamping wizard: enabled, All types. I tried 1412 (default) and 1312. No improvement.
It does seem the problem has something to do with fragmentation or packet loss. I did a couple of other tests:
From the remote Win 7 PC, I used the free mturoute tool:
(tunnel off) mturoute 8.8.8.8 result = 1500 bytes
(tunnel off) mturoute <ER public WAN IP> result = "Target is not responding to pings"
(tunnel on) mturoute <ER LAN IP> result = 1400 bytes
(tunnel on) mturoute <PC IP on LAN> result = 1400 bytes
I don't know if this information helps or not. I read in several places about reducing MTU to stop fragmentation, but it is not clear _WHERE_ to do this. There are the ER eth interfaces. Then there is the "set vpn l2tp remote-access mtu 1492", and also the clamping. Which is one should be less than which one, etc.
Also, isn't there any other diagnostics I can get out of the ER to show lost packets, fragmentation, etc.