Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > slow VPN

Reply
Thread Tools

slow VPN

 
 
Robin Peters
Guest
Posts: n/a
 
      05-04-2005
Hi, I've got a GRE tunnel across the internet, end devices are both cisco
2600's with wic-1adsl, it's pppoATM. The problem is that I only get about
half the badwidth through the link that I'd excpect. If I upload data for
several hours it goes at 120k, but I can upload to the internet at 250 ish.

Here's the config below, any suggestions? memory and cpu seem to be fine.

ip address 10.255.0.1 255.255.255.252
ip mtu 1408
ip hello-interval eigrp 10 60
ip hold-time eigrp 10 600
ip tcp adjust-mss 1200
tunnel source Dialer2
tunnel destination 84.*.*.*
tunnel key 77056
tunnel protection ipsec profile ISC_IPSEC_PROFILE_1

crypto isakmp policy 3
authentication pre-share
group 2
crypto isakmp key *********** address 84.*.*.*
!
crypto ipsec security-association lifetime seconds 10000
!
crypto ipsec transform-set ISC_TS_1 esp-3des esp-sha-hmac
!
crypto ipsec profile ISC_IPSEC_PROFILE_1
set transform-set ISC_TS_1


It's essentially the same config at both sides.

Regards


 
Reply With Quote
 
 
 
 
Nick
Guest
Posts: n/a
 
      05-04-2005
What version of 2600? XM or the older model. Do you have an onboard
encryption card?

I ran a 70+ site GRE VPN using 384k SDSL and T1's (terminating to a
DS3). Most of the remote locations used 2600's with Basic onboard
encryption cards and I never noticed a problem with throughput. I
interviewed at a place a few weeks back and the manager was complaining
that the 2600's would max out at 128k WITHOUT encryption cards.

Robin Peters wrote:
> Hi, I've got a GRE tunnel across the internet, end devices are both cisco
> 2600's with wic-1adsl, it's pppoATM. The problem is that I only get about
> half the badwidth through the link that I'd excpect. If I upload data for
> several hours it goes at 120k, but I can upload to the internet at 250 ish.
>
> Here's the config below, any suggestions? memory and cpu seem to be fine.
>
> ip address 10.255.0.1 255.255.255.252
> ip mtu 1408
> ip hello-interval eigrp 10 60
> ip hold-time eigrp 10 600
> ip tcp adjust-mss 1200
> tunnel source Dialer2
> tunnel destination 84.*.*.*
> tunnel key 77056
> tunnel protection ipsec profile ISC_IPSEC_PROFILE_1
>
> crypto isakmp policy 3
> authentication pre-share
> group 2
> crypto isakmp key *********** address 84.*.*.*
> !
> crypto ipsec security-association lifetime seconds 10000
> !
> crypto ipsec transform-set ISC_TS_1 esp-3des esp-sha-hmac
> !
> crypto ipsec profile ISC_IPSEC_PROFILE_1
> set transform-set ISC_TS_1
>
>
> It's essentially the same config at both sides.
>
> Regards
>
>

 
Reply With Quote
 
 
 
 
Robin Peters
Guest
Posts: n/a
 
      05-04-2005
Hi Nick,

One of them is a 2600xm and the other the older type. Neither has an
encryption card. Maybe just a limitation eh? I've just downgraded it from
3des to des and the results look pretty much the same... but then to be
expected as there were no cpu issues anyway.

Ah well.

"Nick" <(E-Mail Removed)> wrote in message
news:706ee.990$(E-Mail Removed). ..
> What version of 2600? XM or the older model. Do you have an onboard
> encryption card?
>
> I ran a 70+ site GRE VPN using 384k SDSL and T1's (terminating to a DS3).
> Most of the remote locations used 2600's with Basic onboard encryption
> cards and I never noticed a problem with throughput. I interviewed at a
> place a few weeks back and the manager was complaining that the 2600's
> would max out at 128k WITHOUT encryption cards.
>
> Robin Peters wrote:
>> Hi, I've got a GRE tunnel across the internet, end devices are both cisco
>> 2600's with wic-1adsl, it's pppoATM. The problem is that I only get
>> about half the badwidth through the link that I'd excpect. If I upload
>> data for several hours it goes at 120k, but I can upload to the internet
>> at 250 ish.
>>
>> Here's the config below, any suggestions? memory and cpu seem to be
>> fine.
>>
>> ip address 10.255.0.1 255.255.255.252
>> ip mtu 1408
>> ip hello-interval eigrp 10 60
>> ip hold-time eigrp 10 600
>> ip tcp adjust-mss 1200
>> tunnel source Dialer2
>> tunnel destination 84.*.*.*
>> tunnel key 77056
>> tunnel protection ipsec profile ISC_IPSEC_PROFILE_1
>>
>> crypto isakmp policy 3
>> authentication pre-share
>> group 2
>> crypto isakmp key *********** address 84.*.*.*
>> !
>> crypto ipsec security-association lifetime seconds 10000
>> !
>> crypto ipsec transform-set ISC_TS_1 esp-3des esp-sha-hmac
>> !
>> crypto ipsec profile ISC_IPSEC_PROFILE_1
>> set transform-set ISC_TS_1
>>
>>
>> It's essentially the same config at both sides.
>>
>> Regards
>>


 
Reply With Quote
 
Nick
Guest
Posts: n/a
 
      05-05-2005
I have a couple of 2600's in my garage. I'll yank the encryption cards
and see how it runs.

Robin Peters wrote:
> Hi Nick,
>
> One of them is a 2600xm and the other the older type. Neither has an
> encryption card. Maybe just a limitation eh? I've just downgraded it from
> 3des to des and the results look pretty much the same... but then to be
> expected as there were no cpu issues anyway.
>
> Ah well.
>
> "Nick" <(E-Mail Removed)> wrote in message
> news:706ee.990$(E-Mail Removed). ..
>
>>What version of 2600? XM or the older model. Do you have an onboard
>>encryption card?
>>
>>I ran a 70+ site GRE VPN using 384k SDSL and T1's (terminating to a DS3).
>>Most of the remote locations used 2600's with Basic onboard encryption
>>cards and I never noticed a problem with throughput. I interviewed at a
>>place a few weeks back and the manager was complaining that the 2600's
>>would max out at 128k WITHOUT encryption cards.
>>
>>Robin Peters wrote:
>>
>>>Hi, I've got a GRE tunnel across the internet, end devices are both cisco
>>>2600's with wic-1adsl, it's pppoATM. The problem is that I only get
>>>about half the badwidth through the link that I'd excpect. If I upload
>>>data for several hours it goes at 120k, but I can upload to the internet
>>>at 250 ish.
>>>
>>> Here's the config below, any suggestions? memory and cpu seem to be
>>>fine.
>>>
>>>ip address 10.255.0.1 255.255.255.252
>>> ip mtu 1408
>>> ip hello-interval eigrp 10 60
>>> ip hold-time eigrp 10 600
>>> ip tcp adjust-mss 1200
>>> tunnel source Dialer2
>>> tunnel destination 84.*.*.*
>>> tunnel key 77056
>>> tunnel protection ipsec profile ISC_IPSEC_PROFILE_1
>>>
>>>crypto isakmp policy 3
>>> authentication pre-share
>>> group 2
>>>crypto isakmp key *********** address 84.*.*.*
>>>!
>>>crypto ipsec security-association lifetime seconds 10000
>>>!
>>>crypto ipsec transform-set ISC_TS_1 esp-3des esp-sha-hmac
>>>!
>>>crypto ipsec profile ISC_IPSEC_PROFILE_1
>>> set transform-set ISC_TS_1
>>>
>>>
>>>It's essentially the same config at both sides.
>>>
>>>Regards
>>>

>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: slow slow slow! Expert lino fitter Computer Support 5 12-12-2008 04:00 PM
Re: slow slow slow! General Patron Computer Support 0 12-11-2008 11:01 PM
Re: slow slow slow! chuckcar Computer Support 0 12-10-2008 11:25 PM
Re: slow slow slow! Beauregard T. Shagnasty Computer Support 2 12-10-2008 09:03 PM
Re: slow slow slow! Expert lino fitter Computer Support 0 12-10-2008 02:33 PM



Advertisments