thestagman Mon, 11/26/2007 - 04:49
User Badges:

Hi thanks


for the reply, here is one end of my VPN Site to Site config : -


crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key XXXXXXXX. address X.X.X.X (Docklands Address)


crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac


crypto map DCK_FTWR 1 ipsec-isakmp

description Tunnel to X.X.X.X (Docklands Address)

set peer X.X.X.X (Docklands Address)

set transform-set ESP-3DES-SHA

match address 100


access-list 100 remark DCK_FTWR Category=4

access-list 100 remark IPSec Rule

access-list 100 permit ip any any


Interface Commands

Int G0/1

crypto map DCK_FTWR

crypto ipsec df-bit clear



I'm not sure about the packet size I will have to investigate. Lets assume they are small so worst case ..


Cheers


bauer.juergen Mon, 11/26/2007 - 06:10
User Badges:

56 byte for esp

20 byte extra for the outer ip header


smallest packet on ethernet(?): 64 byte


so your overhead could be more than 100%


of course you will have big packets on your net as well - for user data, file transfers etc.




Actions

This Discussion