09-15-2007 05:16 PM
the topology is very basic one:
[srv]------------------Vlan1--[rt871]--Fa4-------------[pc]
[srv]: 172.16.8.100
hardware: C871(C870-ADVSECURITYK9-M), V12.4(11)T3
The Cisco VPN client is V5.0.00.0340
Configurations:
hostname rt871
!
enable password cisco
!
aaa new-model
!
!
aaa authentication login userlist local
aaa authorization network grouplist local
!
!
aaa session-id common
clock timezone PST -8
ip cef
!
username nepp privilege 15 password 0 cisco
!
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
!
crypto isakmp client configuration group pe88888
key aafsdfas
dns 204.174.64.1
domain peakclient.com
pool LPOOL_1
acl 199
!
!
crypto ipsec transform-set aessha esp-aes 256 esp-sha-hmac
!
crypto dynamic-map dynmap1 1
set transform-set aessha
!
!
crypto map cmap1 client authentication list userlist
crypto map cmap1 isakmp authorization list grouplist
crypto map cmap1 client configuration address respond
crypto map cmap1 1 ipsec-isakmp dynamic dynmap1
!
!
!
interface FastEthernet4
ip address 207.x.x.27 255.255.255.240
duplex auto
speed auto
crypto map cmap1
!
interface Vlan1
ip address 172.16.8.1 255.255.255.0
!
ip local pool LPOOL_1 172.16.5.100 172.16.5.199
ip route 0.0.0.0 0.0.0.0 207.12.2.30
!
no ip http server
no ip http secure-server
!
access-list 199 permit ip 172.16.8.0 0.0.0.255 any
!
end
Problem: the [pc] connected VPN, got IP, while pinging [srv], 35-40% packet were lost. Every local physical connection and ip connection is good.
09-20-2007 01:53 PM
One of the reason for slow speed could CEF being enabled. Try disabling CEF and check the packet loss.
09-20-2007 02:15 PM
Is the command "no ip cef" in global configuration mode?
Thank you very much.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: