Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
392
Views
0
Helpful
3
Replies

Vpn site to site

moliver2006
Level 1
Level 1

‎11-30-2006 09:16 AM - edited ‎02-21-2020 02:45 PM

hi i have a vpn between a cisco 827 and a cisco 877. i have the tunnel up but its very slow ... that's the configuration of the cisco 877 where ippublic6 is the public ip of the cisco 877 and ippublicacentral is the ip of the cisco 827 (central) what can ido?

i have changed the ip mtu to 4000 in the cisco 877 but there is not get better...

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname xxxxxxxx

!

boot-start-marker

boot-end-marker

!

enable password 7 xxxxxxxxx

!

no aaa new-model

!

resource policy

!

ip subnet-zero

ip cef

!

!

no ip domain lookup

!

!

!

!

!

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

crypto isakmp key xxxxxx address ippublicacentral no-xauth

!

!

crypto ipsec transform-set ralco esp-3des esp-md5-hmac

!

crypto map unico 1 ipsec-isakmp

description TUNEL CON 192.168.254.21

set peer ippublicacentral

set transform-set xxxxx

match address 112

!

!

!

interface Tunnel0

description TUNEL CON 192.168.254.21

ip address 192.168.254.22 255.255.255.252

ip mtu 1300

tunnel source ATM0.1

tunnel destination ippublicacentral

crypto map unico

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

ip address ippublic6 255.255.255.128

ip access-group 104 in

ip nat outside

ip virtual-reassembly

pvc 8/32

encapsulation aal5snap

!

crypto map unico

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan1

ip address 192.168.7.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

hold-queue 100 out

!

ip classless

ip route 0.0.0.0 0.0.0.0 ATM0.1

ip route 192.168.0.0 255.255.255.0 192.168.254.21

!

no ip http server

no ip http secure-server

ip nat inside source list 135 interface ATM0.1 overload

!

access-list 104 permit gre host ippublicacentral host ippublic6

access-list 104 permit esp host ippublicacentral host ippublic6

access-list 104 permit udp host ippublicacentral eq isakmp host ippublic6

access-list 104 permit tcp any any established

access-list 104 permit icmp any any

access-list 104 permit udp any any

access-list 104 permit ip host ippublicacentral host ippublic6

access-list 104 deny ip any any

access-list 112 permit ip host ippublic6 host ippublicacentral

access-list 135 deny ip host ippublic6 any

access-list 135 permit ip any any

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

password 7 xxxxxxxxxxxxx

login

!

scheduler max-task-time 5000

end

Labels:
0 Helpful
3 Replies 3

dladen
Level 1
Level 1

‎12-01-2006 06:11 PM

Check your router cpu utilization. The VPN encryption process will overload a router if the router does not have the VPN accelerator card. I do not know if it is an option for the routers you are using.

0 Helpful

moliver2006
Level 1
Level 1
In response to dladen

‎12-03-2006 11:41 PM

hi, the vpn is between a cisco 827 and a cisco 877 and the other four vpn configured in the cisco 827 are running ok..

what could be the problem? the cpu runs correctly

0 Helpful

steven.wright
Level 1
Level 1
In response to moliver2006

‎12-04-2006 08:44 AM

a long shot but I saw something similar recently where an spyware infected user had over 2000 NAT translations thereby impacting performance severly on their 800 series.

Pls reply when a resolution is found

0 Helpful
Customers Also Viewed These Support Documents