«

I guys,

I set up an IPsec tunnel between a PIX525 and a PIX515.

They both are behind routers doing NAT. I did everything needed and tunnel estalishes happily.
Performances are very poor. The final segment closest to 515 is wireless
The scenario is as follows:

PIX525(6.3.4)---router837(12.4.2)*----internet-------(wireless connection)----3620(12.3.15)-----PIX515(7.0.2)

First of all I noticed a very weird thing: monitoring interfaces inside and outside of the 515 while transferring a file
over the VPN the amount rate on the outside is doubled than the inside (the PIX525 is working only for the VPN). That
doesn't happen on 525.
Moreover the 3620 often sees its CPU TIME very high (60/80%).

I thought it was an MTU problem, so I decreased it to 1400 on both out and inside interfaces on 515 down to 1400 and on
outside of the 525 as well.

Moreover, monitoring the traffic, the line drawn has a shape very like to \/\/\/\/ on both the PIXes
Maybe the problem is the 3620 but the shape and performances are the same when once in a while the 3620 CPU is not loaded.

Alex.