03-08-2007 01:02 AM
Hi,
Since a couple of weeks i'm seeing degraded services on my 3030 concentrator (1 SEP). It will result in big packets being dropped (1500 bytes), i first suspected the internet circuit but after troubleshooting the private interface i see the packets already being dropped at the private interface. I have about 100 sessions coming from 3002 HW clients in extension mode. My worries are that 1 sep might not be enough for the session, but i'm unable to find information to confirm this.
The only changes made since it went into production are that we are only adding more and more these days.
Hope you guys can help me sort this one.
03-08-2007 01:59 AM
100 sessions on a 3030 is far less than its max session capability.
You mentioned Private Interface is dropping the large packets, have you tried clearing DF bit on Private interface ?
A good way to find out the largest packet size that can be passed is to use the PING utility as follows:
ping -f -l
f = do not fragment
l = packet length.
For example: ping -f -l 1400 10.10.32.4
Configuration--->Interfaces--Privt Intf---> Public Intf Fragmentation Policy
Select the third option.
Note: Chaging the policy on any of the interface will tear down the existing sessions.
You might wanna take a look at :
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_7/config/interfac.htm#wp1055888
*Please rate if it helped.
-Kanishka
03-08-2007 02:37 AM
Hi Kanishka, thanks for the tips but i do not think fragmentation being the issue, during a day it will not drop packets for several hours, but at certain times it will do (i suspect when there is a lot of traffic going thru the concentrator).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide