--- On Fri, 5/28/10, Stephane MAGAND <[email protected]> wrote:
> From: Stephane MAGAND <[email protected]> > Subject: [c-nsp] Problems with a Cisco 2821 and IOS > c2800nm-adventerprisek9_ivs-mz.150-1.M.bin > To: [email protected] > Date: Friday, May 28, 2010, 8:45 PM > Hi > > i have a big problem and request your help ;=) : > > We have a Cisco 2821 with AIM VPN card and 1 Go of memory > connected to internet by gigabits interface. > > On this cisco 2821, i have 7 IPSec/GRE tunnel. On the > remote site, > i have a cisco 1721 and internet access. > > On remote access, when i am fownload on a FTP server, i get > 5 Mbits > full download. When i download on a internal FTP and use > the tunnel, i > download at 68 or 70 Kbits ... very slow .. > > On the same network of the 2821, i have a old 3640, if i > create a > tunnel from 1721 > to 3640, i download at 5 Mbits on internet and ~4 Mbits on > a internal FTP. > > Anyone know if the problems are on the IOS of the cisco > 2821 ? the card AIM-VPN > create a problems ? > > Thanks > for your help > stephane > _______________________________________________ > cisco-nsp mailing listĀ [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ Hi Stephane, Sounds like a fragnemtation/reassembly issue: encrypted fragments being process switched for reassembly before they can be handed to AIM-VPN for decryption. Some things to look at: Are the tunnel MTU's set correcly to account for the IPSEC overhead? What about ip tcp-adj-mss? Is tunnel PMTUD enabled? IsĀ Crypto Map applied only to outbound physical interface? Is IPSEC operating Transport mode or Tunnel mode Perhaps you could post a snippet of your GRE/IPSEC config. ./Randy _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
