cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1434
Views
6
Helpful
39
Replies

Lmds 4mbps and slow connection under vpn

edgar-quintana
Level 1
Level 1

Hi,

This is my problem:

-Ive a lmds 4 simetric connection attached to my cisco 1721 with wic 1enet. Downloading from internet and uploading to internet work properly uo tu 450 KB/s, but using a vpn 3des the upload is only up to 50 or 60 KB

Why?

Best regards

4 Accepted Solutions

Accepted Solutions

If it doesn't have a VPN Hardware Accelerator, it will perform encryption using the router's CPU.

If you are using 3DES, I recommend scaling down the DES and see if it helps.

If it doesn't, I recommend getting a router with a VPN Hardware Accelerator.

Can you post a show ver from this router ?

View solution in original post

Hi,

You have 12.4.5 image and the first release where this bug fixed is 12.4.5a so you have to upgrade to that at least (or later image listed earlier).

Hope it helps,

Krisztian

View solution in original post

HI,

Try from these ones:

12.4(5a), 12.4(5.13) and 12.4(5.13)T

Krisztian

View solution in original post

Hi,

As earlier wrote "With VPN module you will be able to encrypt at E1 speed (2Mbps) and establish roughly 100 ipsec tunnels". The ISR routers (850, 870, 1800, 2800, 3800 series) are different things in respect to the IPS/SSL performance since they have totally different hardware architecture. For instance the 870 series maximum 3DES throughput is 30Mbps. I'm afraid you won't be able to take advantage of the 4Mbps line unless you upgrading to new, stronger platform.

Krisztian

View solution in original post

39 Replies 39

kerek
Level 4
Level 4

Do you use only software encryption or you have VPN card in the box?

Hi,

The cisco router has,

1 adsl wic

1 1enet wic

32mb standar memory and now (today installed) 64 mb module more.

This device, has been working only with the adsl wic (adsl 4mbps) and worked fine.

Yesterday, we configured the 1enet wic, disabled the adsl wic

When I upload to internet the velocity is up to 400KB but when I upload from the 1721 to a delegation which has a 3mbps adsl only 40KB.. 50KB....

why?

Best regards for fast responding

If it doesn't have a VPN Hardware Accelerator, it will perform encryption using the router's CPU.

If you are using 3DES, I recommend scaling down the DES and see if it helps.

If it doesn't, I recommend getting a router with a VPN Hardware Accelerator.

Can you post a show ver from this router ?

Hi,

This router stablishes 3 vpn 3des connetions without vpn module.... this router has been working in this way this adsl only connection and worked fine.

Today Ive purchased a vpn module and Ill install it next week.

Can it be the problem?

Is enough an 1721 with 64mb 1enet wic and vpn module?

Yes that's the problem.

With VPN module you will be able to encrypt at E1 speed (2Mbps) and establish roughly 100 ipsec tunnels without it I hardly think that you can exceed the 256kbs throughput. If your current IOS does support encryption then you have to just build in the VPN module (you will have to take to pieces the box) and the router will recognize it. After installed the module if you issue the "show version" you will see it.

Hope it helps,

Krisztian

1721 IOS Version (using sdm program)

12.4(5)

ROM: System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)

vpn1 uptime is 6 hours, 1 minute

System returned to ROM by power-on

System image file is "flash:c1700-k9o3sy7-mz.124-5.BIN"

Cisco 1721 (MPC860P) processor (revision 0x300) with 114688K/16384K bytes of mem

ory.

Processor board ID FOC07470APD (213828379), with hardware revision 0000

MPC860P processor: part number 5, mask 2

1 Ethernet interface

1 FastEthernet interface

1 ATM interface

32K bytes of NVRAM.

32768K bytes of processor board System flash (Read/Write)

Confirmed, thanks.

Yes, I suggest downgrading from 3DES to DES until you upgrade the router and install a VPN module.

BTW, your router has enough memory (128MB RAM) and you mentioned about having 32MB. The 32MB I see in the show ver, reflects to the flash which is the file system that holds your IOS image.

Hi,

I have attached a doc file with screenshots of sdm program.

Are the shown error generated by not using vpn module or not using von module and a bad configuration??

Best regards

The input errors on the LAN interface could be due to speed/duplex mismatch. Make sure you are using auto/auto at each of the connection and if the errors persist, start off with 10/Full-Duplex at each end, then 10/Half-Duplex.

If the errors persist, replace the copper connection between devices.

You may also have a bad LAN module in the router so I recommend opening a case with Cisco.

As far as the VPN errors, I can't really tell you much without seeing the actual configuration.

Hi,

Changing from full to half will influye in in/out lmds performance?

This is the configuration NOW:

interface Ethernet0

description $ETH-LAN$

ip address ip/mask (hide)

ip flow ingress

ip flow egress

ip nat outside

ip virtual-reassembly

full-duplex

crypto map cmap-dele

!

Hi,

Yes it does obviously influence the performance, but as long as you have 3M in bith direction the 10M HDX is still more than enough.

Is this lmds device Cisco or what?

If so than enabling cdp on both (your 1721 and on lmds) will show if there is duplex mismatch. If the problem is really due to duplex settings then the other side should see late collision or collision if operating in HDX and your side is in FDX.

I think it is more phisycal related problem so try to change the cable/module.

Krisztian

Hi,

Several things:

1? Im waiting for a vpn module I think it will improve the enviroment.

2?The lmds device is a siemens device,we can not do anything with it, only plug and work

3?have you seen the parameter that are configured in the 1enet wic? I have posted them. Are correct?

Hi,

As Edison suggested earlier it is wise to configure duplex auto ans speed auto so it will force the device to negotiate the speed and duplex. If you statically configure your interface with full-duplex it is not 100% percent that the lmds will also use full duplex and will lead to duplex mistmatch.

Krisztian

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: