It's hard to guess without specific information. It could be bandwidth, CPU, latency.
http://www.aidanfinn.com/?p=9566
Did you add a rate-limit option for that specific port? A rate limit will not distinguish between good and bad traffic, meaning that if an attack comes in, it's very possible it'll flood out legitimate traffic.
I've seen lots of people trying to protect themselves from DoS by limiting incoming packets.
If you did that, it would be best to attempt to filter said traffic by analyzing the packet contents and forming a block rule.
So if this is what you did, blocking packets by specific patterns or types will be the most effective, as long as the traffic pattern doesn't also match traffic needed by the server.
Use netsh to capture IPsec events.
Did you change some HKEY on your system?
Here are some good values you can add.
You should read this, assuming you're using Windows Server:
https://technet.microsoft.com/en-us/sys ... sping.aspx
https://blogs.technet.microsoft.com/ask ... h-perfmon/
If you use GNU/Linux, you can tweak your sysctl settings and recompile your kernel for something that better fits your needs.
Wireshark could be useful for spot-checking one or two stations that are exhibiting symptoms. If you are actually losing packets, you would need more than that: you would need to perform a correlated capture, one on each side, and identify where a packet may be sent but not received, or something else like retransmits.
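The correlated capture described above, as an added example that is not part of the original post: it matches TCP segments between a sender-side and a receiver-side capture to find copies that were sent but not received, and retransmits. The record layout, the sample data and the function names are constructed for illustration; it assumes both captures have already been exported to tuples and that no NAT sits between the two capture points.

```python
from collections import Counter

# Constructed sample data (not from a real capture). Each record is
# (time_s, src, dst, sport, dport, tcp_seq, payload_len), as if exported
# from two captures taken simultaneously on each side of the path.
FLOW = ("10.0.0.5", "10.0.0.9", 50000, 443)
SENDER = [
    (0.000, *FLOW, 1000, 100),
    (0.001, *FLOW, 1100, 100),   # first copy, dropped in transit
    (0.002, *FLOW, 1200, 100),
    (0.003, *FLOW, 1300, 0),     # pure ACK, no payload: ignored
    (0.210, *FLOW, 1100, 100),   # retransmission of the dropped segment
    (0.211, *FLOW, 1300, 50),    # never arrives
]
RECEIVER = [
    (0.004, *FLOW, 1000, 100),
    (0.006, *FLOW, 1200, 100),
    (0.214, *FLOW, 1100, 100),
]

def segment_key(rec):
    """Identify a TCP segment independently of where it was captured.
    Timestamps are dropped because the two clocks are not synchronised.
    Assumes no NAT between the capture points (addresses/ports unchanged)."""
    return rec[1:]

def correlate(sender, receiver):
    """Compare sender-side and receiver-side captures of the same traffic."""
    sent = Counter(segment_key(r) for r in sender if r[6] > 0)
    recv = Counter(segment_key(r) for r in receiver if r[6] > 0)
    return {
        # copies that left the sender but were not seen at the receiver
        "dropped": {k: n - recv[k] for k, n in sent.items() if n > recv[k]},
        # segments the sender had to send more than once
        "retransmitted": sorted(k for k, n in sent.items() if n > 1),
        # segments with no copy at all on the receiving side
        "never_arrived": sorted(k for k in sent if recv[k] == 0),
    }

if __name__ == "__main__":
    for name, value in correlate(SENDER, RECEIVER).items():
        print(name, value)
```

A capture taken on the sending host itself can show segments larger than what goes on the wire when segmentation offload is enabled, which breaks the per-segment match; a mirror port or tap on each side avoids that.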