10-20-2011 07:04 AM
Hello, could anyone help me? I created VTI tunnels between HO and branches. HO is a 3925 and the branches are 881 and 871. The configuration is very basic, and when traffic passes through the tunnel, ping rises very heavily, from 200 to 1000 ms. CPU on the 881 and 871 is OK. How can I improve this problem?
881
interface Tunnel10
description To C-3925
bandwidth 4196
ip address 192.168.193.22 255.255.255.252
ip mtu 1300
ip tcp adjust-mss 1260
ip flow ingress
ip flow egress
ip route-cache flow
ip ospf cost 90
ip ospf mtu-ignore
keepalive 20 5
tunnel source X.X.X.X
tunnel destination X.X.X.X
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI_BR
3925
interface Tunnel5
description to 881
bandwidth 4192
ip address 192.168.193.21 255.255.255.252
ip mtu 1300
ip virtual-reassembly
ip tcp adjust-mss 1260
ip policy route-map BRANCHES_TO_ASA
ip ospf cost 100
ip ospf mtu-ignore
no snmp trap link-status
traffic-shape group 111 512000 7936 7936 1000
tunnel source X.X.X.X
tunnel mode ipsec ipv4
tunnel destination X.X.X.X
tunnel protection ipsec profile VTI_BR
Before VTI there was GRE and everything was OK.
10-21-2011 07:29 AM
This config could be the issue
traffic-shape group 111 512000 7936 7936 1000
Provide the rest of the config relevant to this.
10-21-2011 11:16 PM
Yes, you are right, traffic-shape was an issue. This command was shaping unidentified traffic, and I did not think that traffic shaping occurs after encryption.
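An added example, not part of the original thread: a simplified queueing model of the `traffic-shape group 111 512000 7936 7936 1000` line, showing how per-packet delay grows once the traffic matched by the shaper exceeds 512 kbit/s. The 640 kbit/s offered load, the evenly spaced 1300-byte packets (taken from `ip mtu 1300`) and the plain FIFO model that ignores the burst values are assumptions; this is not the IOS shaping algorithm.

```python
# Simplified model (assumption): a FIFO drained at the shaper's target rate.
# The Bc/Be burst allowance (7936 7936) is ignored for clarity.

CIR_BPS = 512_000        # target rate from "traffic-shape group 111 512000 ..."
BUFFER_LIMIT = 1000      # last argument, read here as the buffer limit in packets
PACKET_BITS = 1300 * 8   # full-size packet at the tunnel's "ip mtu 1300"


def shaper_delays(offered_bps, seconds, cir_bps=CIR_BPS,
                  packet_bits=PACKET_BITS, buffer_limit=BUFFER_LIMIT):
    """Return (delays_ms, drops) for evenly spaced packets sent at offered_bps."""
    interval = packet_bits / offered_bps   # seconds between arrivals
    service = packet_bits / cir_bps        # seconds the shaper needs per packet
    count = int(seconds / interval)
    free_at = 0.0                          # time at which the shaper is next idle
    delays, drops = [], 0
    for i in range(count):
        arrival = i * interval
        backlog = max(0.0, free_at - arrival) / service  # packets still ahead
        if backlog >= buffer_limit:        # queue full: packet is dropped
            drops += 1
            continue
        depart = max(arrival, free_at) + service
        free_at = depart
        delays.append((depart - arrival) * 1000.0)
    return delays, drops


if __name__ == "__main__":
    # Constructed loads: one below the shaped rate, one 25% above it.
    for load in (400_000, 640_000):
        delays, drops = shaper_delays(load, seconds=4)
        print(f"{load // 1000} kbit/s offered: first {delays[0]:.0f} ms, "
              f"last {delays[-1]:.0f} ms, drops {drops}")
```

Below the shaped rate every packet waits only its own 20 ms release time; at 25% above it the added delay passes 200 ms in under a second and 1000 ms after four seconds, the same range as the ping times reported in the first post.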