Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco ASA: VPN behaviour when packet loss is high on WAN

Reply
Thread Tools

Cisco ASA: VPN behaviour when packet loss is high on WAN

 
 
Bernd Nies
Guest
Posts: n/a
 
      04-17-2007
Hi,

In our site-to-site VPN setup between two ASA's we see the following
effect: On the internet route from Office A to Office B in another
country we notice that one of the provider routers in between has 70%
packet loss or more. In this situation the ASA then drops TCP sessions
over VPN, i.e. after a telnet login one gets kicked out after a few
seconds or minutes.

Previously we had that VPN connection made with a Sonicwall and then
only the network troughput or response time went slow.

Is there a way to control this behaviour?

Thanks in advance.

Regards,
Bernd

 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      04-18-2007
In article <(E-Mail Removed) .com>,
Bernd Nies <(E-Mail Removed)> wrote:
>In our site-to-site VPN setup between two ASA's we see the following
>effect: On the internet route from Office A to Office B in another
>country we notice that one of the provider routers in between has 70%
>packet loss or more.


I wonder if your packets are being dropped as being too large?
Are you using path MTU detection? Have you tried using the
tcp mss adjust feature?

>Previously we had that VPN connection made with a Sonicwall and then
>only the network troughput or response time went slow.


It could be that the previous connection used a different encapsulation
that was just shorter enough to not be a problem on the link.

For example, if you have isakmp nat-traversal turned on now,
that probably wasn't present on your prior sonic wall, and so you
might now have a UDP layer encapsulating an ESP layer encapsulating
the payload TCP or UDP layer -- overhead build-up!
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Packet loss problem - PPTP VPN nibauramos Cisco 0 07-27-2010 12:37 AM
WAN packet loss/latency bigbrorpi@gmail.com Cisco 1 04-25-2006 02:19 AM
High Packet Loss with Catalyst 2950 ppgmd1032@gmail.com Cisco 4 01-19-2006 06:26 PM
Cisco 2924XL Packet Loss? Jamie Orzechowski Cisco 1 01-02-2006 07:08 PM
Need to securely connect workstations on another WAN to my WAN kev Cisco 4 11-17-2003 01:55 AM



Advertisments