Hi,

I have a 1841 router connected to an ISP (currently SDSL EFM 10Mbps through an ISP modem, the router and the model are connected with a FastEthernet interface). On another location I have a linux server.

There is an ipsec tunnel (3des-sha esp) between the router and the linux server (actually done with a crypto mac).

The router has a hierarchical QOS policy on the egress interface.

When sending traffic from the network inside the router to the linux host without the ipsec tunnel, everything is working fine and throughput is correct.

When sending traffic from the inside network to the linux host internal ip through the ipsec tunnel, some packets are lost and the traffic throughput decrease.

When sending traffic through the tunnel in the reverse direction (from the linux host to the internal network), everything is fine.

I looked at the QOS statistics and the dropped packets counters don't increase. I looked at the egress/ingress interface statistics and no packets dropped there.

I lowered the MTU on the egress interface, but it didn't solve the problem. I played by sending various ping icmp packets size, but even small packets are sometimes lost.

I tried to check the router CPU, but it seems relatively fine (<= 10%)

I captured the traffic on both side, and I see the packets emitted, and then I can see that some of the esp packets of the corresponding side are not received, so it looks like the cisco router is the culprit.

This 1841 router is running:

1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(24)T4,

How can I troubleshoot where and why those packets are lost?

Thanks!