50% Packet Lost VPN Site 2 Site

Unanswered Question
Jul 10th, 2007
User Badges:

I have sucessfully stablished the VPN tunnel between the two sites. Also I am able to do a ping test to both Routers Inside Interface with 100% success, but when I try to ping another device I got packets lost 50%.

I am Using a 871 and a 1841 Both on DSL on 512 upstream.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)


I assume you mean the following

From LAN side on 871 - ping to router 871 100%

From LAn on 871 - ping to router 1841 50% loss.

From LAN side on 1841 - ping to router 1841 100%

Is it possible to confirm that a ping from the 1841 external interface to the 871 external interface does not drop packets?

Its easy to not drop packets on the internal interface. The DSL maybe indicative of service issues. Is the DSl symetrical?

esspr2006 Tue, 07/10/2007 - 20:07
User Badges:

Well let me explain better.

When I ping the router interface on either of the LANs it works well.

Also if I do a telnet on the router:

ping source;

a ping between the routers via the VPN, I get 100% replys.

When I try to ping from a station(LAN) to a station on the other site is when I get 50% - 40% loss.

I have a paradyne modem from the ISP doing a DMZ to the 871 and the 1841 have a WIC adsl.

The Internet conection is Asymetrical DSL.

esspr2006 Tue, 07/10/2007 - 20:34
User Badges:

This is the actual screen on the station on one of the sites. The is the remote site inside interface address. The Maximun Size without Framenting is 1370 but still I got some packet loss.

Pinging with 1370 bytes of data:

Reply from bytes=1370 time=136ms TTL=254

Request timed out.

Reply from bytes=1370 time=143ms TTL=254

Request timed out.

Ping statistics for

Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 136ms, Maximum = 143ms, Average = 139ms.

This is the ping from router a inside Interface to router b inside interface:

Sending 5, 1370-byte ICMP Echos to, timeout is 2 seconds:

Packet sent with a source address of


Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/72 ms

esspr2006 Tue, 07/10/2007 - 20:50
User Badges:

The perfomarce on from the local to the router on both sites are fine.

When you mean MTU on interfaces, are the interfaces the inside or outside? On the ATM or Dialer.

esspr2006 Tue, 07/10/2007 - 21:00
User Badges:


MTU 4470, Sub MTU 1300.


MTU 1500

Should I change de MTU to 1370 on the 1841 ATM and Dialer0?

esspr2006 Tue, 07/10/2007 - 21:17
User Badges:

I already changed on the 1841, still the same but I need to change it on the 871 and also may need to check the paradyne modem of the ISP on the midle it can include some misteries to the issues.

esspr2006 Thu, 07/12/2007 - 04:28
User Badges:

I tried to change the MTU on the Cisco 871 but I can't is seem the MTU can't be change on these Router.

I tried on the interface and on the vlan.

guibarati Wed, 07/18/2007 - 04:05
User Badges:
  • Bronze, 100 points or more

It's an IOS bug, you can make a test and disable IP CEF, usually it works, but it's only a workaround to get it working for real upgrade the IOS.

Rate if helps...


This Discussion