Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
440
Views
0
Helpful
0
Replies

migrate 2821 > 4331 and now l2tp packet loss

mick
Level 1
Level 1

‎08-20-2020 09:15 PM

For many years (decades) I've supported VPNs from various cisco routers/ISRs to native/builtin Windows VPN clients. This currently includes PPTP and L2TP.  Last week I decided to migrate a 2821 to a 4331. Both are running one T3 WAN and 2 ethernet LAN connections. Configuration of the 2821 was basically copied to the 4331. Outside of the loss of PPTP support, cant see any difference. I installed the 4331 and things looked good but eventually all VPN users reported poor performance. Cant see any errors anywhere but I've stumbled onto a very simple reproducible symptom.

 

With no load on the router, a simple 1 second repeating ping from the router to the assigned remote VPN IP address results in random packet loss - like 20%. This is true regardless of where the remote is located. Could be a few miles away or thousands of miles away. However, the same ping repeated to the remote clients public WAN port is stable - no packet loss. Reinstalling the 2821 "resolves" the issue - no packet loss.

 

I've no clue as to where to even start. Can anyone offer a clue as to how I should be troubleshooting this?

 

The 2821 is version 15.1(4)M12a and the 4331 is version 16.09.04

 

Thanks for any pointers.

 

-mick

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents