Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1116
Views
0
Helpful
8
Replies

Problem IPsec Tunnel on Cisco Catalyst 8200L

00u1h1ok6lvBNNjOt5d7
Level 1
Level 1

‎07-21-2023 09:25 PM - edited ‎07-22-2023 09:07 PM

Dear all

        Please help to find solution for fixed, I replaced C2911 to C8200L using IPSec Tunnel but when I migrate all config.Result that all tunnel is up and IPsec up seem like normal. but some application was not stable.RDP can't use.

 

 

 

 

0 Helpful
8 Replies 8

MHM Cisco World
VIP
VIP

‎07-22-2023 07:07 AM

same reply window 512 but, are c8200L support QoS pre-classify ?

0 Helpful

00u1h1ok6lvBNNjOt5d7
Level 1
Level 1

‎07-22-2023 07:51 PM

I don't sure , but i copy config from existing device, All Tunnel is up, How I solved this sitiation? What is command qos pre-classify?

interface Tunnel1802
description ### BR802 TOT-HQ-LAOS ###
bandwidth 5120
ip address 10.102.9.1 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1300
ip ospf 1 area 100
qos pre-classify
keepalive 10 5
tunnel source 10.69.8.254
tunnel destination 10.69.8.2
service-policy output QOS_KSBL_5M

!

interface Tunnel2802
description ### BR802 HGC-HQ-LAOS ###
bandwidth 5120
ip address 10.102.9.129 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1300
ip ospf 1 area 100
qos pre-classify
keepalive 10 5
tunnel source 10.89.8.254
tunnel destination 10.89.8.2
service-policy output QOS_KSBL_5M

0 Helpful

00u1h1ok6lvBNNjOt5d7
Level 1
Level 1

‎07-22-2023 07:56 PM - edited ‎07-22-2023 09:11 PM

@MHM Cisco World  Branch is c8200L before c2911 HQ,is ISR4451

0 Helpful

00u1h1ok6lvBNNjOt5d7
Level 1
Level 1
In response to 00u1h1ok6lvBNNjOt5d7

‎07-22-2023 08:00 PM - edited ‎07-22-2023 09:14 PM

-

0 Helpful

00u1h1ok6lvBNNjOt5d7
Level 1
Level 1

‎07-22-2023 09:27 PM

@MHM Cisco World  Now , I rollback Branch Router to C2911 so  all aplication is normal. When i used C8200L ,It have a unstable some application.but all status ospf is normal, ipsec is up,all tunnel is normal. Do you think root cause in this case?

 

0 Helpful

Marius Gunnerud
VIP
VIP
In response to 00u1h1ok6lvBNNjOt5d7

‎07-23-2023 06:40 AM

Please explain in more detail what you mean by unstable? 

  • is the speed slow?
  • is the application losing connection? If yes, is it losing connection after a certain amount of time each time or is it random?
  • What type of application is this?

Something you could try is changing "ip mtu 1400" to "ip mtu 1360".  You also are limiting the bandwidth, test by removing the bandwidth command on the tunnel interface to see if performance improves.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

00u1h1ok6lvBNNjOt5d7
Level 1
Level 1
In response to Marius Gunnerud

‎07-23-2023 07:21 PM

@Marius Gunnerud  Now , I rollback Branch Router to C2911 so all aplication is normal. When i used C8200L ,It have a unstable some application.but all status ospf is normal, ipsec is up,all tunnel is normal. Do you think root cause in this case?

Here is config on Branch(C2911)

interface Tunnel1
description ### xx ###
bandwidth 5120
ip address 10.102.9.2 255.255.255.252
ip mtu 1400
ip flow ingress
ip flow egress
ip tcp adjust-mss 1300
load-interval 30
qos pre-classify
keepalive 10 5
tunnel source 10.69.8.2
tunnel destination 10.69.8.254
service-policy output QOS_KSBL_5M
!
interface Tunnel2
description ### xx ###
bandwidth 5120
ip address 10.102.9.130 255.255.255.252
ip mtu 1400
ip flow ingress
ip flow egress
ip tcp adjust-mss 1300
load-interval 30
qos pre-classify
keepalive 10 5
tunnel source 10.89.8.2
tunnel destination 10.89.8.254
service-policy output QOS_KSBL_5M

Here is COnfig on C8200l (rollback)

interface Tunnel1
description ### xx ###
bandwidth 5120
ip flow monitor MONITOR input
ip flow monitor MONITOR output
ip address 10.102.9.2 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1300
load-interval 30
qos pre-classify
keepalive 10 5
tunnel source 10.69.8.2
tunnel destination 10.69.8.254
service-policy output QOS_KSBL_5M
!
interface Tunnel2
description ###xx ###
bandwidth 5120
ip flow monitor MONITOR input
ip flow monitor MONITOR output
ip address 10.102.9.130 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1300
load-interval 30
qos pre-classify
keepalive 10 5
tunnel source 10.89.8.2
tunnel destination 10.89.8.254
service-policy output QOS_KSBL_5M

HQ

interface Tunnel1802
description ### Connect to Branch Tunnel 1###
bandwidth 5120
ip address 10.102.9.1 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1300
ip ospf 1 area 100
qos pre-classify
keepalive 10 5
tunnel source 10.69.8.254
tunnel destination 10.69.8.2
service-policy output QOS_KSBL_5M

!

interface Tunnel2802
description ### Connect to Branch(TUNNEL2) ###
bandwidth 5120
ip address 10.102.9.129 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1300
ip ospf 1 area 100
qos pre-classify
keepalive 10 5
tunnel source 10.89.8.254
tunnel destination 10.89.8.2
service-policy output QOS_KSBL_5M

 

0 Helpful

00u1h1ok6lvBNNjOt5d7
Level 1
Level 1

‎07-24-2023 12:21 AM

@Marius Gunnerud  For your question

Please explain in more detail what you mean by unstable? 

Application X cannot run some station.but try to repeat,can enter it.

Application X release the screen. the screen will show error or hang.

Web Y nornally run by IE11, temporary fixed by using Google Chrome.

Web Z cannot run all browser,but able to run by google chrome,by enter repeat.

 

0 Helpful
Customers Also Viewed These Support Documents