thestagman Mon, 11/26/2007 - 04:49
User Badges:

Hi thanks

for the reply, here is one end of my VPN Site to Site config : -

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key XXXXXXXX. address X.X.X.X (Docklands Address)

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto map DCK_FTWR 1 ipsec-isakmp

description Tunnel to X.X.X.X (Docklands Address)

set peer X.X.X.X (Docklands Address)

set transform-set ESP-3DES-SHA

match address 100

access-list 100 remark DCK_FTWR Category=4

access-list 100 remark IPSec Rule

access-list 100 permit ip any any

Interface Commands

Int G0/1

crypto map DCK_FTWR

crypto ipsec df-bit clear

I'm not sure about the packet size I will have to investigate. Lets assume they are small so worst case ..


bauer.juergen Mon, 11/26/2007 - 06:10
User Badges:

56 byte for esp

20 byte extra for the outer ip header

smallest packet on ethernet(?): 64 byte

so your overhead could be more than 100%

of course you will have big packets on your net as well - for user data, file transfers etc.


This Discussion