11-30-2006 09:16 AM - edited 02-21-2020 02:45 PM
Hi, I have a VPN between a Cisco 827 and a Cisco 877. I have the tunnel up but it's very slow ... This is the configuration of the Cisco 877, where ippublic6 is the public IP of the Cisco 877 and ippublicacentral is the IP of the Cisco 827 (central). What can I do?
I have changed the ip mtu to 4000 on the Cisco 877 but it does not get better...
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxxxx
!
boot-start-marker
boot-end-marker
!
enable password 7 xxxxxxxxx
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key xxxxxx address ippublicacentral no-xauth
!
!
crypto ipsec transform-set ralco esp-3des esp-md5-hmac
!
crypto map unico 1 ipsec-isakmp
 description TUNEL CON 192.168.254.21
 set peer ippublicacentral
 set transform-set xxxxx
 match address 112
!
!
!
interface Tunnel0
 description TUNEL CON 192.168.254.21
 ip address 192.168.254.22 255.255.255.252
 ip mtu 1300
 tunnel source ATM0.1
 tunnel destination ippublicacentral
 crypto map unico
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address ippublic6 255.255.255.128
 ip access-group 104 in
 ip nat outside
 ip virtual-reassembly
 pvc 8/32
  encapsulation aal5snap
 !
 crypto map unico
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 192.168.7.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 192.168.0.0 255.255.255.0 192.168.254.21
!
no ip http server
no ip http secure-server
ip nat inside source list 135 interface ATM0.1 overload
!
access-list 104 permit gre host ippublicacentral host ippublic6
access-list 104 permit esp host ippublicacentral host ippublic6
access-list 104 permit udp host ippublicacentral eq isakmp host ippublic6
access-list 104 permit tcp any any established
access-list 104 permit icmp any any
access-list 104 permit udp any any
access-list 104 permit ip host ippublicacentral host ippublic6
access-list 104 deny ip any any
access-list 112 permit ip host ippublic6 host ippublicacentral
access-list 135 deny ip host ippublic6 any
access-list 135 permit ip any any
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password 7 xxxxxxxxxxxxx
 login
!
scheduler max-task-time 5000
end
12-01-2006 06:11 PM
Check your router CPU utilization. The VPN encryption process will overload a router if the router does not have the VPN accelerator card. I do not know if it is an option for the routers you are using.
12-03-2006 11:41 PM
Hi, the VPN is between a Cisco 827 and a Cisco 877, and the other four VPNs configured on the Cisco 827 are running OK.
What could be the problem? The CPU runs correctly.
12-04-2006 08:44 AM
A long shot, but I saw something similar recently where a spyware-infected user had over 2000 NAT translations, thereby impacting performance severely on their 800 series.
Please reply when a resolution is found.