Cisco ASA: VPN behaviour when packet loss is high on WAN

Discussion in 'Cisco' started by Bernd Nies, Apr 17, 2007.

  1. Bernd Nies

    Bernd Nies Guest

    Hi,

    In our site-to-site VPN setup between two ASA's we see the following
    effect: On the internet route from Office A to Office B in another
    country we notice that one of the provider routers in between has 70%
    packet loss or more. In this situation the ASA then drops TCP sessions
    over VPN, i.e. after a telnet login one gets kicked out after a few
    seconds or minutes.

    Previously we had that VPN connection made with a Sonicwall and then
    only the network troughput or response time went slow.

    Is there a way to control this behaviour?

    Thanks in advance.

    Regards,
    Bernd
     
    Bernd Nies, Apr 17, 2007
    #1
    1. Advertising

  2. In article <>,
    Bernd Nies <> wrote:
    >In our site-to-site VPN setup between two ASA's we see the following
    >effect: On the internet route from Office A to Office B in another
    >country we notice that one of the provider routers in between has 70%
    >packet loss or more.


    I wonder if your packets are being dropped as being too large?
    Are you using path MTU detection? Have you tried using the
    tcp mss adjust feature?

    >Previously we had that VPN connection made with a Sonicwall and then
    >only the network troughput or response time went slow.


    It could be that the previous connection used a different encapsulation
    that was just shorter enough to not be a problem on the link.

    For example, if you have isakmp nat-traversal turned on now,
    that probably wasn't present on your prior sonic wall, and so you
    might now have a UDP layer encapsulating an ESP layer encapsulating
    the payload TCP or UDP layer -- overhead build-up!
     
    Walter Roberson, Apr 18, 2007
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jamie Orzechowski

    Cisco 2924XL Packet Loss?

    Jamie Orzechowski, Jan 2, 2006, in forum: Cisco
    Replies:
    1
    Views:
    651
    Derick Winkworth
    Jan 2, 2006
  2. Replies:
    4
    Views:
    1,569
  3. Replies:
    1
    Views:
    725
  4. Supti
    Replies:
    0
    Views:
    546
    Supti
    Nov 2, 2007
  5. nibauramos

    Packet loss problem - PPTP VPN

    nibauramos, Jul 27, 2010, in forum: Cisco
    Replies:
    0
    Views:
    1,577
    nibauramos
    Jul 27, 2010
Loading...

Share This Page