Packet loss problem - PPTP VPN

Discussion in 'Cisco' started by nibauramos, Jul 27, 2010.

  1. nibauramos


    Mar 23, 2010
    Hello, I'm posting this has a copy of a question I left at Cisco Support Foruns, I appreciate all the help anyone can give:

    I'm having some problem with a Cisco 1801, this router is at the edge of a small network, this network has only about 16 users, and the router makes only some basic ip filtering, NAT, and terminates PPTP tunnels for when workers are at home and need to access internal ressources.This router seemed to be working just fine, I say seemed because I never used the VPN feature on this network a lot after it was first configured, however, now users are complaining that they can't work over the VPN.

    What happens is that I first connect to the VPN from my place all seems to be working, but after 30 seconds depending on the load I put in the connection, packets start to get droped and eventually all traffic starts to fail.

    I did some debugging I and found that after connecting the VPN this starts to show up a lot in the routers logs:

    MPPE: missed 1 key changes, recomputing

    This message shows a lot sometimes saying 1 key change, sometimes 2, 3 key changes.

    When I saw this I disabled MPPE leaving the VPN with no encryption just to see how it worked, there where improvement's but I have to admit I am quite disappointed with them.

    Without the encryption that messages stopped appearing but performance and dropped packets are still there, for example:

    - I connected my laptop to the internet with an external connection;

    - I started in my laptop the following actions:
    ping (one of Google public DNS servers always a good network connectivity test)
    ping (an server in my internal network, needs to go through the VPN to get to it)
    ping -f (the public IP address of the router where I am experiencing problems)

    As soon as I start this, ping works like a charm, my Internet connection does not drop a single packet for Google, ping fails because VPN is still not launched and ping -f also works great, I'm flooding hundreds of packets to my routers public address and I register practically no packet loss.

    then..... I launch VPN (PPTP w/MSCHAP), it authenticates ok, and the ping starts working, everything seems ok, then I:
    ping -f (internal address of my router, now accessible through the VPN tunnel)
    and I start getting lots of packet loss in this ping, 30% sometimes a lot more.

    - I checked CPU utilization with show processes CPU and it never gets higher than 6%;
    - Checked all network interfaces and none registers errors, or dropped packets, my FastEthernet 0 only registers some unknown protocols drops;

    I think that the problems is either in my configuration or in the router itself. Before we had this VPN using PPTP we were using OpenVPN terminating in a server inside the network, even though we don't use it anymore I still haven't disabled it, sooo... I disconnect from the new VPN, and connect through the OpenVPN and repeat the same tests and everything works great.... I flood the network with pings and practically no drops are registered.... sometimes 1% of packet drops, very acceptable.

    Is this an expected behavior from such a router? Now I have left it with no encryption, it is not the solution I want of course, but with no encryption it drops some packets but I is usable, with the encryption working over the VPN is practically impossible.

    I attached the output from show running and show version, In the show running there are some additional sections for one other ipsec tunnel this router should manage, but for simplicity I have disabled it because it was not being used. Even though the ipsec keys exist they are not applied to any interface.

    Appreciate all the help!

    Thank you

    Attached Files:

    nibauramos, Jul 27, 2010
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike S

    wireless connection and packet loss problem

    Mike S, Sep 18, 2004, in forum: Wireless Networking
    Mike S
    Sep 18, 2004
  2. Loren Amelang
    Feb 7, 2005

    Network traffic problem ---- packet loss, Oct 12, 2005, in forum: Cisco
    Oct 31, 2005
  4. Bernd Nies
    Walter Roberson
    Apr 18, 2007
  5. Zed

Share This Page