Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
744
Views
5
Helpful
2
Replies

IPSec SA Congestion

zekebashi
Level 4
Level 4

‎09-13-2018 08:51 AM - edited ‎02-21-2020 08:14 AM

Hello,

 

We've been having an issue with one of the IPSec Tunnels where the tunnel would stay up but becomes congested which causes significant traffic delays and latency. The only way to resolve the issue is if we reset the tunnel on one of the ends(i.e. Site A). I've been trying to search for information to explain why the tunnel would become congested, what commands to use to diagnose the congestion issue, and how to resolve such issues. 

 

I appreciate the assistance.

 

Best, ~sK

 

 

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎09-13-2018 09:04 AM - edited ‎09-13-2018 09:09 AM

Hi,
When you say congested that would imply that a lot of traffic is going over the VPN tunnel, you probably need to increase the bandwidth or use QoS to shape the traffic. You can use netflow in order to identify the top talkers (source/destination) and define QoS policies from there.

Assuming it's you are using an ASA the command "show local-host detail" would give use some information on the hosts and the number of connections, traffic etc.

HTH

zekebashi
Level 4
Level 4
In response to Rob Ingram

‎09-13-2018 09:35 AM

Thanks for your input and suggestions. Yes, we're using ASAs. The command you provided is very helpful.

 

Much appreciated.

 

Best, ~zK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card