slow VPN

Discussion in 'Cisco' started by Robin Peters, May 4, 2005.

  1. Robin Peters

    Robin Peters Guest

    Hi, I've got a GRE tunnel across the internet, end devices are both cisco
    2600's with wic-1adsl, it's pppoATM. The problem is that I only get about
    half the badwidth through the link that I'd excpect. If I upload data for
    several hours it goes at 120k, but I can upload to the internet at 250 ish.

    Here's the config below, any suggestions? memory and cpu seem to be fine.

    ip address 10.255.0.1 255.255.255.252
    ip mtu 1408
    ip hello-interval eigrp 10 60
    ip hold-time eigrp 10 600
    ip tcp adjust-mss 1200
    tunnel source Dialer2
    tunnel destination 84.*.*.*
    tunnel key 77056
    tunnel protection ipsec profile ISC_IPSEC_PROFILE_1

    crypto isakmp policy 3
    authentication pre-share
    group 2
    crypto isakmp key *********** address 84.*.*.*
    !
    crypto ipsec security-association lifetime seconds 10000
    !
    crypto ipsec transform-set ISC_TS_1 esp-3des esp-sha-hmac
    !
    crypto ipsec profile ISC_IPSEC_PROFILE_1
    set transform-set ISC_TS_1


    It's essentially the same config at both sides.

    Regards
     
    Robin Peters, May 4, 2005
    #1
    1. Advertising

  2. Robin Peters

    Nick Guest

    What version of 2600? XM or the older model. Do you have an onboard
    encryption card?

    I ran a 70+ site GRE VPN using 384k SDSL and T1's (terminating to a
    DS3). Most of the remote locations used 2600's with Basic onboard
    encryption cards and I never noticed a problem with throughput. I
    interviewed at a place a few weeks back and the manager was complaining
    that the 2600's would max out at 128k WITHOUT encryption cards.

    Robin Peters wrote:
    > Hi, I've got a GRE tunnel across the internet, end devices are both cisco
    > 2600's with wic-1adsl, it's pppoATM. The problem is that I only get about
    > half the badwidth through the link that I'd excpect. If I upload data for
    > several hours it goes at 120k, but I can upload to the internet at 250 ish.
    >
    > Here's the config below, any suggestions? memory and cpu seem to be fine.
    >
    > ip address 10.255.0.1 255.255.255.252
    > ip mtu 1408
    > ip hello-interval eigrp 10 60
    > ip hold-time eigrp 10 600
    > ip tcp adjust-mss 1200
    > tunnel source Dialer2
    > tunnel destination 84.*.*.*
    > tunnel key 77056
    > tunnel protection ipsec profile ISC_IPSEC_PROFILE_1
    >
    > crypto isakmp policy 3
    > authentication pre-share
    > group 2
    > crypto isakmp key *********** address 84.*.*.*
    > !
    > crypto ipsec security-association lifetime seconds 10000
    > !
    > crypto ipsec transform-set ISC_TS_1 esp-3des esp-sha-hmac
    > !
    > crypto ipsec profile ISC_IPSEC_PROFILE_1
    > set transform-set ISC_TS_1
    >
    >
    > It's essentially the same config at both sides.
    >
    > Regards
    >
    >
     
    Nick, May 4, 2005
    #2
    1. Advertising

  3. Robin Peters

    Robin Peters Guest

    Hi Nick,

    One of them is a 2600xm and the other the older type. Neither has an
    encryption card. Maybe just a limitation eh? I've just downgraded it from
    3des to des and the results look pretty much the same... but then to be
    expected as there were no cpu issues anyway.

    Ah well.

    "Nick" <> wrote in message
    news:706ee.990$...
    > What version of 2600? XM or the older model. Do you have an onboard
    > encryption card?
    >
    > I ran a 70+ site GRE VPN using 384k SDSL and T1's (terminating to a DS3).
    > Most of the remote locations used 2600's with Basic onboard encryption
    > cards and I never noticed a problem with throughput. I interviewed at a
    > place a few weeks back and the manager was complaining that the 2600's
    > would max out at 128k WITHOUT encryption cards.
    >
    > Robin Peters wrote:
    >> Hi, I've got a GRE tunnel across the internet, end devices are both cisco
    >> 2600's with wic-1adsl, it's pppoATM. The problem is that I only get
    >> about half the badwidth through the link that I'd excpect. If I upload
    >> data for several hours it goes at 120k, but I can upload to the internet
    >> at 250 ish.
    >>
    >> Here's the config below, any suggestions? memory and cpu seem to be
    >> fine.
    >>
    >> ip address 10.255.0.1 255.255.255.252
    >> ip mtu 1408
    >> ip hello-interval eigrp 10 60
    >> ip hold-time eigrp 10 600
    >> ip tcp adjust-mss 1200
    >> tunnel source Dialer2
    >> tunnel destination 84.*.*.*
    >> tunnel key 77056
    >> tunnel protection ipsec profile ISC_IPSEC_PROFILE_1
    >>
    >> crypto isakmp policy 3
    >> authentication pre-share
    >> group 2
    >> crypto isakmp key *********** address 84.*.*.*
    >> !
    >> crypto ipsec security-association lifetime seconds 10000
    >> !
    >> crypto ipsec transform-set ISC_TS_1 esp-3des esp-sha-hmac
    >> !
    >> crypto ipsec profile ISC_IPSEC_PROFILE_1
    >> set transform-set ISC_TS_1
    >>
    >>
    >> It's essentially the same config at both sides.
    >>
    >> Regards
    >>
     
    Robin Peters, May 4, 2005
    #3
  4. Robin Peters

    Nick Guest

    I have a couple of 2600's in my garage. I'll yank the encryption cards
    and see how it runs.

    Robin Peters wrote:
    > Hi Nick,
    >
    > One of them is a 2600xm and the other the older type. Neither has an
    > encryption card. Maybe just a limitation eh? I've just downgraded it from
    > 3des to des and the results look pretty much the same... but then to be
    > expected as there were no cpu issues anyway.
    >
    > Ah well.
    >
    > "Nick" <> wrote in message
    > news:706ee.990$...
    >
    >>What version of 2600? XM or the older model. Do you have an onboard
    >>encryption card?
    >>
    >>I ran a 70+ site GRE VPN using 384k SDSL and T1's (terminating to a DS3).
    >>Most of the remote locations used 2600's with Basic onboard encryption
    >>cards and I never noticed a problem with throughput. I interviewed at a
    >>place a few weeks back and the manager was complaining that the 2600's
    >>would max out at 128k WITHOUT encryption cards.
    >>
    >>Robin Peters wrote:
    >>
    >>>Hi, I've got a GRE tunnel across the internet, end devices are both cisco
    >>>2600's with wic-1adsl, it's pppoATM. The problem is that I only get
    >>>about half the badwidth through the link that I'd excpect. If I upload
    >>>data for several hours it goes at 120k, but I can upload to the internet
    >>>at 250 ish.
    >>>
    >>> Here's the config below, any suggestions? memory and cpu seem to be
    >>>fine.
    >>>
    >>>ip address 10.255.0.1 255.255.255.252
    >>> ip mtu 1408
    >>> ip hello-interval eigrp 10 60
    >>> ip hold-time eigrp 10 600
    >>> ip tcp adjust-mss 1200
    >>> tunnel source Dialer2
    >>> tunnel destination 84.*.*.*
    >>> tunnel key 77056
    >>> tunnel protection ipsec profile ISC_IPSEC_PROFILE_1
    >>>
    >>>crypto isakmp policy 3
    >>> authentication pre-share
    >>> group 2
    >>>crypto isakmp key *********** address 84.*.*.*
    >>>!
    >>>crypto ipsec security-association lifetime seconds 10000
    >>>!
    >>>crypto ipsec transform-set ISC_TS_1 esp-3des esp-sha-hmac
    >>>!
    >>>crypto ipsec profile ISC_IPSEC_PROFILE_1
    >>> set transform-set ISC_TS_1
    >>>
    >>>
    >>>It's essentially the same config at both sides.
    >>>
    >>>Regards
    >>>

    >
    >
     
    Nick, May 5, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Expert lino fitter

    Re: slow slow slow!

    Expert lino fitter, Dec 10, 2008, in forum: Computer Support
    Replies:
    0
    Views:
    708
    Expert lino fitter
    Dec 10, 2008
  2. Expert lino fitter

    Re: slow slow slow!

    Expert lino fitter, Dec 10, 2008, in forum: Computer Support
    Replies:
    5
    Views:
    714
    Expert lino fitter
    Dec 12, 2008
  3. Beauregard T. Shagnasty

    Re: slow slow slow!

    Beauregard T. Shagnasty, Dec 10, 2008, in forum: Computer Support
    Replies:
    2
    Views:
    729
    Shel-hed
    Dec 10, 2008
  4. chuckcar

    Re: slow slow slow!

    chuckcar, Dec 10, 2008, in forum: Computer Support
    Replies:
    0
    Views:
    584
    chuckcar
    Dec 10, 2008
  5. General Patron

    Re: slow slow slow!

    General Patron, Dec 11, 2008, in forum: Computer Support
    Replies:
    0
    Views:
    564
    General Patron
    Dec 11, 2008
Loading...

Share This Page