degraded performance VPN clients in network extension mode

Unanswered Question
Mar 8th, 2007

Hi,

For a couple of weeks I have been seeing degraded services on my 3030 concentrator (1 SEP). It results in big packets being dropped (1500 bytes). I first suspected the internet circuit, but after troubleshooting the private interface I see the packets are already being dropped at the private interface. I have about 100 sessions coming from 3002 HW clients in extension mode. My worry is that 1 SEP might not be enough for the session, but I'm unable to find information to confirm this.

The only changes made since it went into production are that we are only adding more and more these days.

Hope you guys can help me sort this one.

kaachary Thu, 03/08/2007 - 01:59

100 sessions on a 3030 is far less than its max session capability.

You mentioned the Private Interface is dropping the large packets. Have you tried clearing the DF bit on the Private interface?

A good way to find out the largest packet size that can be passed is to use the PING utility as follows:

ping -f -l , where

f = do not fragment

l = packet length.

For example: ping -f -l 1400 10.10.32.4

Configuration--->Interfaces--Privt Intf---> Public Intf Fragmentation Policy

Select the third option.

Note: Changing the policy on any of the interfaces will tear down the existing sessions.

You might wanna take a look at:

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/config/interfac.htm#wp1055888

*Please rate if it helped.

-Kanishka
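
The ping procedure from the reply above, automated as a binary search over the payload size (an added example, not part of the original posts). The function names, the three-attempt retry and the 1472-byte upper bound (1500 minus 28 bytes of IPv4 and ICMP headers) are assumptions; the non-Windows branch assumes Linux iputils `ping`.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def df_ping(host, size, timeout_s=2):
    """Send one DF-set echo request carrying `size` payload bytes; True on reply."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000),
               "-f", "-l", str(size), host]
    else:  # Linux iputils ping: -M do sets DF, -s sets payload size
        cmd = ["ping", "-c", "1", "-W", str(timeout_s),
               "-M", "do", "-s", str(size), host]
    out = subprocess.run(cmd, capture_output=True, text=True)
    # Windows ping may exit 0 without an echo reply, so look for the reply's TTL field.
    if platform.system() == "Windows":
        return "TTL=" in out.stdout
    return out.returncode == 0


def largest_df_payload(probe, low=0, high=1472, attempts=3):
    """Binary-search the largest payload in [low, high] that passes with DF set.

    probe(size) -> bool. A size passes if any of `attempts` probes is answered,
    so one packet lost to congestion is not mistaken for an MTU limit.
    Returns None when even `low` gets no reply (host down or ICMP filtered).
    """
    def passes(size):
        return any(probe(size) for _ in range(attempts))

    if not passes(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always makes progress
        if passes(mid):
            low = mid
        else:
            high = mid - 1
    return low


if __name__ == "__main__":
    host = sys.argv[1]  # e.g. the 10.10.32.4 target used in the post
    best = largest_df_payload(lambda size: df_ping(host, size))
    if best is None:
        print("no reply even at the smallest size")
    else:
        print(f"largest payload {best} bytes, path MTU {best + IP_ICMP_OVERHEAD}")
```

Running it once during a quiet period and once while drops are occurring shows whether the largest passing size actually changes between the two.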

ivo.van.den.heuvel Thu, 03/08/2007 - 02:37

Hi Kanishka, thanks for the tips, but I do not think fragmentation is the issue. During a day it will not drop packets for several hours, but at certain times it will (I suspect when there is a lot of traffic going through the concentrator).
