05-24-2007 12:17 PM - edited 03-05-2019 04:17 PM
Hi,
This is my problem:
-Ive a lmds 4 simetric connection attached to my cisco 1721 with wic 1enet. Downloading from internet and uploading to internet work properly uo tu 450 KB/s, but using a vpn 3des the upload is only up to 50 or 60 KB
Why?
Best regards
Solved! Go to Solution.
05-25-2007 06:32 AM
If it doesn't have a VPN Hardware Accelerator, it will perform encryption using the router's CPU.
If you are using 3DES, I recommend scaling down the DES and see if it helps.
If it doesn't, I recommend getting a router with a VPN Hardware Accelerator.
Can you post a show ver from this router ?
06-04-2007 07:57 AM
Hi,
You have 12.4.5 image and the first release where this bug fixed is 12.4.5a so you have to upgrade to that at least (or later image listed earlier).
Hope it helps,
Krisztian
06-04-2007 09:28 AM
HI,
Try from these ones:
12.4(5a), 12.4(5.13) and 12.4(5.13)T
Krisztian
06-06-2007 11:21 PM
Hi,
As earlier wrote "With VPN module you will be able to encrypt at E1 speed (2Mbps) and establish roughly 100 ipsec tunnels". The ISR routers (850, 870, 1800, 2800, 3800 series) are different things in respect to the IPS/SSL performance since they have totally different hardware architecture. For instance the 870 series maximum 3DES throughput is 30Mbps. I'm afraid you won't be able to take advantage of the 4Mbps line unless you upgrading to new, stronger platform.
Krisztian
05-25-2007 03:07 AM
Do you use only software encryption or you have VPN card in the box?
05-25-2007 06:13 AM
Hi,
The cisco router has,
1 adsl wic
1 1enet wic
32mb standar memory and now (today installed) 64 mb module more.
This device, has been working only with the adsl wic (adsl 4mbps) and worked fine.
Yesterday, we configured the 1enet wic, disabled the adsl wic
When I upload to internet the velocity is up to 400KB but when I upload from the 1721 to a delegation which has a 3mbps adsl only 40KB.. 50KB....
why?
Best regards for fast responding
05-25-2007 06:32 AM
If it doesn't have a VPN Hardware Accelerator, it will perform encryption using the router's CPU.
If you are using 3DES, I recommend scaling down the DES and see if it helps.
If it doesn't, I recommend getting a router with a VPN Hardware Accelerator.
Can you post a show ver from this router ?
05-25-2007 06:50 AM
Hi,
This router stablishes 3 vpn 3des connetions without vpn module.... this router has been working in this way this adsl only connection and worked fine.
Today Ive purchased a vpn module and Ill install it next week.
Can it be the problem?
Is enough an 1721 with 64mb 1enet wic and vpn module?
05-25-2007 07:25 AM
Yes that's the problem.
With VPN module you will be able to encrypt at E1 speed (2Mbps) and establish roughly 100 ipsec tunnels without it I hardly think that you can exceed the 256kbs throughput. If your current IOS does support encryption then you have to just build in the VPN module (you will have to take to pieces the box) and the router will recognize it. After installed the module if you issue the "show version" you will see it.
Hope it helps,
Krisztian
05-25-2007 07:40 AM
1721 IOS Version (using sdm program)
12.4(5)
05-25-2007 10:53 AM
ROM: System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)
vpn1 uptime is 6 hours, 1 minute
System returned to ROM by power-on
System image file is "flash:c1700-k9o3sy7-mz.124-5.BIN"
Cisco 1721 (MPC860P) processor (revision 0x300) with 114688K/16384K bytes of mem
ory.
Processor board ID FOC07470APD (213828379), with hardware revision 0000
MPC860P processor: part number 5, mask 2
1 Ethernet interface
1 FastEthernet interface
1 ATM interface
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)
05-25-2007 02:38 PM
Confirmed, thanks.
Yes, I suggest downgrading from 3DES to DES until you upgrade the router and install a VPN module.
BTW, your router has enough memory (128MB RAM) and you mentioned about having 32MB. The 32MB I see in the show ver, reflects to the flash which is the file system that holds your IOS image.
05-26-2007 01:37 AM
05-26-2007 07:29 AM
The input errors on the LAN interface could be due to speed/duplex mismatch. Make sure you are using auto/auto at each of the connection and if the errors persist, start off with 10/Full-Duplex at each end, then 10/Half-Duplex.
If the errors persist, replace the copper connection between devices.
You may also have a bad LAN module in the router so I recommend opening a case with Cisco.
As far as the VPN errors, I can't really tell you much without seeing the actual configuration.
05-26-2007 08:25 AM
Hi,
Changing from full to half will influye in in/out lmds performance?
This is the configuration NOW:
interface Ethernet0
description $ETH-LAN$
ip address ip/mask (hide)
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
full-duplex
crypto map cmap-dele
!
05-26-2007 09:51 AM
Hi,
Yes it does obviously influence the performance, but as long as you have 3M in bith direction the 10M HDX is still more than enough.
Is this lmds device Cisco or what?
If so than enabling cdp on both (your 1721 and on lmds) will show if there is duplex mismatch. If the problem is really due to duplex settings then the other side should see late collision or collision if operating in HDX and your side is in FDX.
I think it is more phisycal related problem so try to change the cable/module.
Krisztian
05-26-2007 11:24 AM
Hi,
Several things:
1? Im waiting for a vpn module I think it will improve the enviroment.
2?The lmds device is a siemens device,we can not do anything with it, only plug and work
3?have you seen the parameter that are configured in the 1enet wic? I have posted them. Are correct?
05-26-2007 11:44 AM
Hi,
As Edison suggested earlier it is wise to configure duplex auto ans speed auto so it will force the device to negotiate the speed and duplex. If you statically configure your interface with full-duplex it is not 100% percent that the lmds will also use full duplex and will lead to duplex mistmatch.
Krisztian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide