IP CEF and VPNs.

Discussion in 'Cisco' started by AM, Apr 11, 2006.

  1. AM

    AM Guest

    Hello,

    I built a VPN, like dozens of others I have done, between a PIX and a Cisco 837/877.
    For one of them, users behind it reported that speed was very good except through the VPN. I noticed that when I compared the access time
    using the public IP and the loopback interface through the VPN. The first access didn't freeze the router, while the
    second made the CPU load go to the maximum.
    I sorted the problem out by disabling the CEF feature. But CEF is enabled on all the other routers, which don't give me
    trouble.

    Does anyone know the reason why CEF could be an obstacle to speed through the VPN?

    Thanks a lot.

    Alex.
     
    AM, Apr 11, 2006
    #1

  2. AM

    opensource Guest

    CEF has always been a problem with VPN tunnels. I've had cases where no
    traffic would flow or it would be sporadic, like only HTTP would flow.
    Either way, I made it a habit of setting the following on an interface
    with a crypto map when I run into weird VPN issues.

    no ip route-cache
    no ip mroute-cache


    --
    opensource
     
    opensource, Apr 11, 2006
    #2

  3. AM

    Guest

    Disabling CEF to isolate and debug the problem is a good idea. But
    disabling it permanently is usually not a good idea because that might
    cause packets to be process switched and that will cause very high CPU
    utilization and other consequent problems.

    If you do run into a problem that only happens when CEF is enabled, it
    is likely a software bug and you should try and upgrade to a later
    version that has a fix.

    Cisco da Gama
    http://ciscostudy.blogspot.com
     
    , Apr 14, 2006
    #3
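
An added example, not part of any post in this thread: a small Python audit that scans a saved running-config for crypto-map interfaces where the `no ip route-cache` / `no ip mroute-cache` workaround (or a global `no ip cef`) is still in place, so a temporary debugging change can be tracked and revisited after a software upgrade. The sample config, interface names and map name are constructed for illustration.

```python
import re
# Constructed running-config for illustration; interface and map names are assumptions.
SAMPLE_CONFIG = """\
ip cef
!
interface Dialer0
 ip address negotiated
 no ip route-cache
 no ip mroute-cache
 crypto map VPNMAP
!
interface Vlan1
 no ip route-cache cef
!
interface ATM0
 no ip address
 crypto map VPNMAP
!
"""

WORKAROUND = re.compile(r"no ip m?route-cache( cef)?")

def audit_switching(config):
    """Map each crypto-map interface to the fast-switching statements disabled on it."""
    global_cef_off = False
    interfaces = {}   # name -> {"crypto": bool, "disabled": [statements]}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), {"crypto": False, "disabled": []})
        elif not line.startswith(" "):
            current = None                      # left the interface block
            if line == "no ip cef":
                global_cef_off = True           # CEF disabled for the whole router
        elif current is not None:
            stmt = line.strip()
            if stmt.startswith("crypto map "):
                current["crypto"] = True
            elif WORKAROUND.fullmatch(stmt):
                current["disabled"].append(stmt)
    extra = ["no ip cef (global)"] if global_cef_off else []
    return {name: d["disabled"] + extra for name, d in interfaces.items()
            if d["crypto"] and (d["disabled"] or extra)}

if __name__ == "__main__":
    for name, stmts in audit_switching(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(stmts)}")
```

Interfaces without a crypto map (Vlan1 in the sample) are ignored, and a crypto-map interface with nothing disabled (ATM0) is reported only when CEF is off globally.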