Showing results for 
Search instead for 
Did you mean: 

packet loss Cisco c871

We have been trying to diagnose a performance problem and would like to get some comments

We have a 2 Cisco C870 routers connected via an EZVPN tunnel.

The remote site is experiencing performance issues connecting to an application at the main location.  There are no performance issues at the main location.

Ping tests from the remote site to the main location are showing consistant packet loss with different datagram size.  Ping tests to an internet ip are also showing consistant packet loss.

Ping tests from the main location to the remote site also are showing packet loss.  Ping tests to an internet IP show no loss.

Attached is the router config

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)
5 FastEthernet interfaces
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)
Configuration register is 0x2102

version 12.4
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
hostname rtrlong02
logging buffered 4096 informational
no logging console
aaa new-model
aaa authentication login default local
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
dot11 syslog
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip domain lookup
ip domain name
login on-failure log

crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key fTrdXS#12Aw%%6 address no-xauth
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 10 ipsec-isakmp
set peer x.x.x.x
set transform-set ESP-3DES-MD5
match address 199
log config
interface FastEthernet0
load-interval 30
duplex full
speed 100
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address x.x.x.x x.x.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1400
ip nat outside
ip virtual-reassembly
load-interval 30
duplex auto
speed auto
crypto map outside_map
interface Vlan1
ip address
ip helper-address
ip nat inside
ip virtual-reassembly
load-interval 30
ip forward-protocol nd
ip route x.x.x.x
ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet4 overload
ip access-list extended ALLOW-MB-MANAGEMENT
permit tcp any
permit tcp any
permit tcp host any eq 22
permit tcp host any eq 22
permit tcp host any eq 22
permit tcp host any eq 22
access-list 100 deny   ip
access-list 100 deny   ip
access-list 100 deny   ip
access-list 100 permit ip any
access-list 199 permit ip
access-list 199 permit ip
access-list 199 permit ip
line con 0
no modem enable
line aux 0
line vty 0 4
access-class ALLOW-MB-MANAGEMENT in
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000


Thanks in advance


Cisco Employee

Where are you pinging from and to exactly? For instance at the remote location you stated the

re is packet loss determined by ICMP to the main site and to the internet. Is the ICMP traffic sourced

from the router itself or from a client on the inside network?

Based on your description I would be looking at the interfaces from the source at the remote site all the way to your provider. For instance F0 is statically configured and F4 is not. Are you seeing errors on either interface? Do you have a duplex mismatch?


The pings are sourced from either the vlan for internal ICMP's remote sight source (VLAN1)  to main office (BVI1)

We are getting good response times but loss of packets in the range of 85%.

We are also pinging Internet sites such as and sourcing from interface f4 which is statically configured with public IP.

We are seeing the same percentage drop.

I did not include the public IP in the configuration.

When we ping a public IP from the main site there is no packet loss and speeds are acceptable

If you are seeing loss from F4 to, I would focus there and start from the ground up. Are you seeing errors on the interface for F4? F4 is set to auto negotiate, did it negotiate to half duplex?

Assuming F4 plugs into a cable modem or something, can you disconnect the router and replace it with a laptop temporarily? With the laptop attempting to ping do you see the same loss?


We are not seeing any sort of errors on the the F4 interface or any of the other interfaces.  We are not seeing any duplex mismatch. Connecting a laptop is still showing packet loss but not as much.  We are currently working with the supplier to see if it may be related to there cable modem.  But as stated we are perplexed by good response time 40 - 100 ms but dropped packets.

Keep the questions coming always good to get another perspective.



I'd also like to add that I'm having sort of the same problem, but only when under load.

I have a 50mbps connection and used to be able to utilize that no problem. Now, when I hit 30mbps, I get packet loss to the 871w, from it to my servers, and I can't seem to exceed 30mbps anymore.

And yes, bypassing shows 50mbps all day long. Sorry if this is irrelevant to your situation.

EDIT: adding examples

64 bytes from icmp_req=716 ttl=255 time=5.79 ms

64 bytes from icmp_req=717 ttl=255 time=23.7 ms

64 bytes from icmp_req=718 ttl=255 time=17.9 ms

64 bytes from icmp_req=720 ttl=255 time=68.9 ms

64 bytes from icmp_req=721 ttl=255 time=24.5 ms

64 bytes from icmp_req=722 ttl=255 time=164 ms

64 bytes from icmp_req=723 ttl=255 time=10.9 ms

64 bytes from icmp_req=724 ttl=255 time=3.37 ms

64 bytes from icmp_req=725 ttl=255 time=40.8 ms

  30 second input rate 28918000 bits/sec, 3074 packets/sec

  30 second output rate 1052000 bits/sec, 1572 packets/sec




I don't know, I used to get 50 without a problem but now I can barely do 30.