Solved: There would be no reason to

Andrey Avdeev · ‎04-14-2016

Dear!

When i start to upload/download data - tunnel goes down , when my speed more then 50 Mbps. Moreover, my Cisco 3925 goes to reboot and makes crashdump file after this (he is empty). This happens just when speed more then 50 Mbps. In other time - it works fine.

Friends, give me please some ideas.. i need help

Between routers MPLS cloud.

Router A

interface Tunnel20
description xxx
bandwidth 100000
ip vrf forwarding A
ip address 192.168.199.51 255.255.255.254
ip mtu 1400
zone-member security LAN
ip tcp adjust-mss 1360
delay 40000
qos pre-classify
tunnel source 192.168.199.49
tunnel destination 192.168.199.48
tunnel path-mtu-discovery
tunnel protection ipsec profile A

interface Port-channel1.200
description MPLS-LINK
bandwidth 100000
encapsulation dot1Q 200
ip address 192.168.199.49 255.255.255.254
zone-member security LAN
service-policy output Shaper

class-map match-all nyc
description SMB trafic
match access-group 192
class-map match-all voice
description voice trafic
match ip rtp 16384 16383
match access-group 191
class-map match-all signaling
description
match access-group 190

Extended IP access list 190

10 permit tcp any any eq 5060
20 permit udp any any eq 5060

Extended IP access list 191
10 permit udp any any range 16384 32767 (298122 matches)
20 permit udp any any precedence critical
30 permit udp any any dscp ef

Extended IP access list 192
10 permit ip 192.168.46.0 0.0.0.255 any (1842151 matches)
20 permit ip any 192.168.46.0 0.0.0.255

policy-map VOICE
class voice
priority percent 5
class nyc
priority percent 35
class signaling
priority percent 2
class class-default
fair-queue
policy-map Shaper
class class-default
shape average 100000000
service-policy VOICE

sh ver

Cisco IOS Software, C3900e Software (C3900e-UNIVERSALK9-M), Version 15.3(3)M6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.

Router B

Like router A but ip address 192.168.199.50 255.255.255.254

Crypto

crypto ipsec profile A
set transform-set ESP-3DES-SHA

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel

Philip D'Ath · ‎04-14-2016

You almost certainly have buggy software. I would recommend you upgrade to the gold star release 15.4.3M5. You need a Cisco maintenance contract to get the software, such as a SmartNet.

View solution in original post

Philip D'Ath · ‎04-14-2016

You almost certainly have buggy software. I would recommend you upgrade to the gold star release 15.4.3M5. You need a Cisco maintenance contract to get the software, such as a SmartNet.

Andrey Avdeev · ‎04-14-2016

Hi Philip,

Thanks for your update!

In my 3925 i have ZBF , and i think that i will have a lot of questions with it, when i will make software update. Can you tell me how can i do software upgrate best?

Philip D'Ath · ‎04-14-2016

You just download the software and copy it to the flash: on the router. Then just add/change the boot line to tell it to boot the new software, save the config, and reboot.

boot system flash:xxx.bin

Andrey Avdeev · ‎04-14-2016

Yes, this is clear.

But i talk about difference between sofware version , and in this case ZBF do not word correcty.

So the question is - how to migrate to new software without any problems with current coniguration?

Philip D'Ath · ‎04-17-2016

ZBF should be unaffected. You should not need to change anything in the config. The software upgrade should be straight forward - simple.

Andrey Avdeev · ‎04-19-2016

Philip,

You were right!

I have been update my software to 15.3.M7 version and the problem is gone. This is not last version , but it's stable version from 15.3 series software and there is no reason to make any changes in my ZBF ;)

Thanks,

Philip D'Ath · ‎04-19-2016

There would be no reason to make a change to ZBF either way, but I am glad it is now sorted.

It would be great if you could rate and mark helpful responses.

IPSEC + GRE at Cisco 3925