IPSEC tunnel with Cisco 876 problem

Unanswered Question
Oct 28th, 2009

Good morning from Greece…

I am new to this forum and happy to see that I can find people that share their interest in networking… So I need your help-advice-opinion PLEASE give it…

I have configured 2 Cisco 876 with an IPsec tunnel (to communicate over DSL 24/1 Mbps).

The matter is that I can ping the edge of my tunnels BUT when I try to copy from Win or FTP I get some errors (see the attachment)… and the transfer is TOO slow… (I have no problem with www)… Please HELP me…

My two networks are 192.168.1.0/24 and 192.168.2.1/24, I use static IPs…

THANK you all

Attachments

1. sh run

2. sh dsl int atm 0

3. http:[email protected]/4049731432/

(link of the error while transferring)

lgijssel Thu, 10/29/2009 - 07:31

Two remarks:

1: Your DSL only has an upstream bandwidth of 1Mb. This puts a limit on the VPN transfer speed.

2: You should modify the ACLs to accept all IP traffic from the VPN peer, not just a subset of protocols.

regards,

Leo

strmarinos Thu, 10/29/2009 - 08:32

Thank you Leo,

I know that I have this limited BW but I can't even achieve 768 kbit/sec while transferring.

2. What do you mean?

I use the

access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 which allows everything... isn't it correct?

3. Do you know what may cause the error (see the link)?

4. The MTU size on my Dialer should be 1492?

Do you think the configuration is correct?

THANK YOU

lgijssel Fri, 10/30/2009 - 01:49

Replace this:

access-list 102 permit ahp host R.R.R.R any

access-list 102 permit esp host R.R.R.R any

access-list 102 permit udp host R.R.R.R any eq isakmp

access-list 102 permit udp host R.R.R.R any eq non500-isakmp

with this:

access-list 102 permit ip host R.R.R.R host (your-public-ip)

MTU of 1492 should be fine.

regards,

Leo
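The difference between the two versions of access-list 102 above, as an added example that is not part of the original thread: a small first-match evaluator run over constructed sample packets from the peer. The addresses are constructed RFC 5737 values standing in for R.R.R.R and (your-public-ip), and the parser handles only the syntax that appears in the posts.

```python
from ipaddress import ip_address

# Constructed RFC 5737 addresses standing in for the page's placeholders.
PEER = "198.51.100.10"    # R.R.R.R
LOCAL = "203.0.113.20"    # (your-public-ip)

PROTO = {"ahp": 51, "esp": 50, "udp": 17, "tcp": 6, "icmp": 1}  # IP protocol numbers
PORT = {"isakmp": 500, "non500-isakmp": 4500}                   # IOS port keywords

OLD_ACL = f"""
access-list 102 permit ahp host {PEER} any
access-list 102 permit esp host {PEER} any
access-list 102 permit udp host {PEER} any eq isakmp
access-list 102 permit udp host {PEER} any eq non500-isakmp
"""
NEW_ACL = f"access-list 102 permit ip host {PEER} host {LOCAL}"

def parse_ace(line):
    """Parse the subset of extended-ACL syntax used in the thread."""
    t = line.split()
    if t[:3] != ["access-list", "102", "permit"] or t[4] != "host":
        raise ValueError(f"unsupported entry: {line}")
    proto, src, rest = t[3], ip_address(t[5]), t[6:]
    dst = None                      # None means "any"
    if rest[0] == "host":
        dst, rest = ip_address(rest[1]), rest[2:]
    else:
        rest = rest[1:]             # skip "any"
    dport = PORT[rest[1]] if rest[:1] == ["eq"] else None
    return proto, src, dst, dport

def permits(acl_text, proto, src, dst, dport=None):
    """First matching entry permits; otherwise the implicit deny applies."""
    for line in acl_text.strip().splitlines():
        a_proto, a_src, a_dst, a_dport = parse_ace(line)
        if a_proto != "ip" and PROTO[a_proto] != PROTO[proto]:
            continue
        if a_src != ip_address(src):
            continue
        if a_dst is not None and a_dst != ip_address(dst):
            continue
        if a_dport is not None and a_dport != dport:
            continue
        return True
    return False

# Constructed sample packets from the peer: (protocol, destination port).
SAMPLES = [("esp", None), ("udp", 500), ("udp", 4500), ("tcp", 80), ("icmp", None)]

def compare():
    """Map each sample to (permitted by old ACL, permitted by new ACL)."""
    return {(p, dp): (permits(OLD_ACL, p, PEER, LOCAL, dp),
                      permits(NEW_ACL, p, PEER, LOCAL, dp)) for p, dp in SAMPLES}
```

Both versions pass ESP and ISAKMP from the peer; the replacement also passes any other IP protocol from that one host to the router's public address, while the original entries accept the tunnel protocols to any destination.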

strmarinos Fri, 10/30/2009 - 09:36

Well,

My new configuration according to Leo's advice is in the attachment…

I still have a problem with the transfer. I increased the throughput (but not yet to max) but I still get errors. Please check the link… thank you all…

lgijssel Mon, 11/02/2009 - 04:52

This may very well be what it says:

Please check the network adapter settings on the end-nodes to see if perhaps TCP-offload is configured there.

It is not likely that this problem is related to your config because the router typically operates at IP level (layer 3) and does very little with the rest of the packet.

regards,

Leo
