cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1474
Views
0
Helpful
0
Replies

DMVPN - Slow Performance

adamtodd16
Level 3
Level 3

Hi All,

I've read just about every resource and tried everything I've found, but still facing performance issue on DMVPN. 

I've tried tunnel mtu-path-discovery and it makes things worse (especially for video calls), so I have moved away from it entirely. 

Hoping someone can review config and spot something I've missed. 

Specific issues - Internal web-based applications are sluggish and file transfer are slow. 

Hub - 2951

Spoke - 4331

--------Hub----------

crypto isakmp policy 50
encr aes 256
authentication pre-share
group 14
crypto isakmp key MYPASSWORD address 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 126 5 periodic
crypto isakmp xauth timeout 60

!
crypto ipsec security-association replay window-size 1024
!
crypto ipsec transform-set TUNNEL esp-aes 256 esp-sha-hmac
mode transport
crypto ipsec df-bit set
!
crypto ipsec profile TUNNEL
set security-association lifetime seconds 86400
set transform-set TUNNEL
!

!
interface Tunnel1
description DMVPN Tunnel
ip address 172.16.1.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp authentication firewall
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1360
tunnel source 1.1.1.1
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile TUNNEL

-----Spoke-----

crypto isakmp policy 50
encr aes 256
authentication pre-share
group 14
crypto isakmp key MYPASSWORD address 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 126 5 periodic
crypto isakmp xauth timeout 60

!
crypto ipsec security-association replay window-size 1024
!
crypto ipsec transform-set TUNNEL esp-aes 256 esp-sha-hmac
mode transport
crypto ipsec df-bit set
!
crypto ipsec profile TUNNEL
set security-association lifetime seconds 86400
set transform-set TUNNEL
!
!
!
interface Tunnel1
description DMVPN Tunnel
bandwidth 50000
ip address 172.16.1.60 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication firewall
ip nhrp map multicast dynamic
ip nhrp map multicast 1.1.1.1
ip nhrp map 172.16.1.1 1.1.1.1
ip nhrp network-id 1
ip nhrp nhs 172.16.1.1
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile TUNNEL shared

0 Replies 0