Site to Site VPN causes ping timeouts

Discussion in 'Cisco' started by ciscobyte, Sep 24, 2007.

  1. ciscobyte

    ciscobyte

    Joined:
    Sep 24, 2007
    Messages:
    4
    Hi everyone.

    I configured a site-to-site IPsec VPN on Cisco ASA55xx appliances. As you know, ASA55xx products have enough processor and memory to support VPN traffic.
    But after the tunnel comes up, application response gets much too slow, and when I ping from one side of the tunnel to the other side I see too many ping timeouts. Can you tell me what the most likely cause of the problem is and what I should do to resolve the issue?
    I hope you can understand my problem, and I also hope that you can help me with this.

    Ahmed Ali
     
    ciscobyte, Sep 24, 2007
    #1

  2. ciscobyte

    thort

    Joined:
    Sep 26, 2007
    Messages:
    35
    The bandwidth of the VPN is limited by the bw of your internet connection. Maybe your connection is saturated by other (non-VPN) traffic using the total bw, and thus the available VPN traffic bw is low? Some applications are bw hungry and work well on a 100MB LAN, but not on a 1MB WAN. Or maybe the server at the other end of the tunnel has a high usage charge and can't respond quickly? Ping (ICMP) can be considered low priority and be dropped in case of high bw usage, or a busy server.

    Check the bw requirements of your application. Is there a way to determine the bw usage of your internet connection at the time you notice the ping timeouts? Make sure you ping from one VPN device to another rather than from one host on the remote end to the server on the other side (this eliminates server and/or LAN usage problems and focuses just on the tunnel).

    Good luck!
     
    thort, Sep 26, 2007
    #2

  3. ciscobyte

    ciscobyte

    Joined:
    Sep 24, 2007
    Messages:
    4
    Dear Thort,
    At the time of the ping timeouts and application timeouts/slow response I do observe the WAN link usage through MRTG, but really I don't see any bandwidth saturation. I see the WAN link usage is no more than 50%, as half of the WAN link bandwidth is free,
    but still timeouts.

    ????????
     
    ciscobyte, Sep 27, 2007
    #3
  4. ciscobyte

    ciscobyte

    Joined:
    Sep 24, 2007
    Messages:
    4
    Thort, I am using OSPF here as our routing protocol. I have seen somewhere on the internet that OSPF has some problems with IPsec, or that they are incompatible with each other.
    So do I need some special configuration when configuring IPsec in an OSPF environment?
    What do you say about this?
     
    ciscobyte, Sep 27, 2007
    #4
  5. ciscobyte

    thort

    Joined:
    Sep 26, 2007
    Messages:
    35
    What I have done in the past is this (in Router IOS only!):

    1. Build the IPSec VPN (no special modifications needed for OSPF)
    2. Build the Tunnel GRE (modify mtu for OSPF in the GRE tunnel).
    3. Run OSPF

    interface Tunnel0
    ip address 192.168.99.2 255.255.255.252
    ip ospf mtu-ignore
    tunnel source FastEthernet0/0.99
    tunnel destination <Public IP>
    crypto map vpn

    As long as the OSPF neighbor relationship establishes and you have OSPF routes in your routing table from that neighbor, your OSPF works.

    As far as your slow response times... bizarre, an ASA should be able to handle lots of traffic, encrypted or otherwise. Did you check the CPU/memory usage in the ASDM at the same time to eliminate the ASA? Also, is your WAN connection symmetric (i.e. Frame-Relay) or asymmetric (i.e. ADSL)?
     
    Last edited: Sep 27, 2007
    thort, Sep 27, 2007
    #5
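
The three steps from post #5 written out as one router IOS configuration fragment. This is an added example, not part of the original thread. The crypto policy values, the names TS and GRE-TRAFFIC, the OSPF process and area, the crypto map placement on the physical interface, and every bracketed placeholder are assumptions.

```cisco
! Added example: constructed fragment for ONE end of the tunnel.
! Bracketed values are placeholders; mirror the addresses on the peer.
!
! Step 1: build the IPsec VPN (nothing OSPF-specific here)
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address <Peer Public IP>
!
! Transport mode: GRE already supplies the outer IP header
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
 mode transport
!
! Encrypt only the GRE packets between the two tunnel endpoints,
! so nothing the tunnel carries (OSPF included) leaves in clear text
ip access-list extended GRE-TRAFFIC
 permit gre host <Local Public IP> host <Peer Public IP>
!
crypto map vpn 10 ipsec-isakmp
 set peer <Peer Public IP>
 set transform-set TS
 match address GRE-TRAFFIC
!
! Assumption: crypto map applied where the encrypted packets leave
! (the post's snippet applies it on Tunnel0 instead)
interface FastEthernet0/0.99
 crypto map vpn
!
! Step 2: build the GRE tunnel (addresses as in the post)
interface Tunnel0
 ip address 192.168.99.2 255.255.255.252
 ip ospf mtu-ignore
 tunnel source FastEthernet0/0.99
 tunnel destination <Peer Public IP>
!
! Step 3: run OSPF over the tunnel subnet (process 1, area 0 assumed)
router ospf 1
 network 192.168.99.0 0.0.0.3 area 0
```

With the mirrored fragment on the other router, `show crypto ipsec sa` shows whether the GRE packets are actually being encrypted, and `show ip ospf neighbor` shows whether the adjacency the post refers to has formed.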