GRE/IPSec tunnel problems with Vista/Win7

Unanswered Question
Jul 20th, 2009
User Badges:

I have an IPSec encrypted GRE tunnel between two LANs that has worked great for literally years. Recently we started adding Windows Vista and Windows 7 machines to the mix. The new Vista and Win7 machines have TERRIBLE performance across the WAN/tunnel. I have tried using "ip mtu" and "tcp adjust-mss" commands on the routers LAN and tunnel interfaces (and also messed with MTU and MTUDiscovery on the machines themselves) but I haven't managed to get the Vista and Win7 machines to work as well as the XP and 2003 machines. Anybody have any ideas?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Istvan_Rabai Mon, 07/20/2009 - 12:02
User Badges:
  • Gold, 750 points or more

Are you sure the problem is with fragmentation of packets?

In your place I would do a packet capture analysis or packet debug first to see what is exactly happening there.



Joseph W. Doherty Mon, 07/20/2009 - 12:42
User Badges:
  • Super Bronze, 10000 points or more

Microsoft implemented a "NextGen" stack, starting with Vista. I don't recall anything specific with tunnels, but network interaction can be quite different (of course, all for the better [at least that's the intent]).

You might want to review both Microsoft and Cisco for "known" behavior differences and see if any apply to your experience. I know for Vista, there's a couple of configuration settings to make it behave more like XP. Again, whether any of this is specific for tunnels, don't know.

DIEGO ALONSO Tue, 07/21/2009 - 16:21
User Badges:

After more testing it seems like the bad WAN performance is not limited to the tunnels. All WAN traffic is slow from the Vista and Win7 machines. I'll look into configuring Vista like XP.




This Discussion