Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
293
Views
0
Helpful
1
Replies

Help VPN suddenly not decrypting

mbamcisco
Level 1
Level 1

‎12-06-2005 07:43 AM

No major changes were made here is the config file any ideas? Was told may be splittunnel

Labels:
Preview file
31 KB
0 Helpful
1 Reply 1

wong34539
Level 6
Level 6

‎12-12-2005 09:42 AM

Before an IPSec or GRE packet can be decrypted or decapsulated, the packet must be complete. If needed, the packet must be reassembled from its underlying fragments. Fragmentation is a cheap operation as it can be performed in hardware (on the VPNSM) or in the CEF switching path (on classic IOS platforms). On the other hand, reassembly is only performed in hardware on the VPNSM and any other platform would require punting the packet to the process switching flow. This operation is typically slow, costly and can be spotted through packet losses and high CPU. Even when done in hardware, reassembly buffers must be readily available under the penalty of packet losses. If fragments are lost, reassembly buffers get consumed and both software and hardware reassembly are impacted.

0 Helpful
Customers Also Viewed These Support Documents