Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
0
Helpful
2
Replies

VTI problem

Go to solution
baxta2712
Level 1
Level 1

‎10-20-2011 07:04 AM

    Hello could anyone help me? I created VTI tunnels between HO and branches HO is 3925 and branches are 881 and 871, configuration is very basic and when traffic pass through tunnel ping rises very heavily from 200 to 1000 ms, CPU on 881 and 871 is ok, how can I improve this problem?

881

interface Tunnel10

description To C-3925

bandwidth 4196

ip address 192.168.193.22 255.255.255.252

ip mtu 1300

ip tcp adjust-mss 1260

ip flow ingress

ip flow egress

ip route-cache flow

ip ospf cost 90

ip ospf mtu-ignore

keepalive 20 5

tunnel source X.X.X.X

tunnel destination X.X.X.X

tunnel mode ipsec ipv4

tunnel protection ipsec profile VTI_BR

3925

interface Tunnel5

description to 881

bandwidth 4192

ip address 192.168.193.21 255.255.255.252

ip mtu 1300

ip virtual-reassembly

ip tcp adjust-mss 1260

ip policy route-map BRANCHES_TO_ASA

ip ospf cost 100

ip ospf mtu-ignore

no snmp trap link-status

traffic-shape group 111 512000 7936 7936 1000

tunnel source X.X.X.X

tunnel mode ipsec ipv4

tunnel destination X.X.X.X

tunnel protection ipsec profile VTI_BR

before VTI there was GRE and averything was OK

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrew.prince
Level 10
Level 10

‎10-21-2011 07:29 AM

This config could be the issue

traffic-shape group 111 512000 7936 7936 1000

provide the rest of the config relevant to this.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
andrew.prince
Level 10
Level 10

‎10-21-2011 07:29 AM

This config could be the issue

traffic-shape group 111 512000 7936 7936 1000

provide the rest of the config relevant to this.

0 Helpful

Go to solution
baxta2712
Level 1
Level 1
In response to andrew.prince

‎10-21-2011 11:16 PM

   Yes you are right traffic-shape was an issue, this command was shaping unidentified traffic and I did not think that traffic shaping occurs after encription

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents