IPSEC tunnel with Cisco 876 problem

Oct 28th, 2009

Good morning from Greece…

I am new to this forum and happy to see that I can find people that share their interest in networking… So I need your help-advice-opinion PLEASE give it…

I have configured 2 Cisco 876 with an IPsec tunnel (to communicate over DSL 24/1Mbps).

The matter is that I can ping the edge of my tunnels BUT when I try to copy from Win or FTP I get some errors (see the attachment)… and the transfer is TOO slow… (I have no problem with www)… Please HELP me…

My two networks are and, I use static IPs…

THANK you all


1. sh run

2. sh dsl int atm 0

3. http:[email protected]/4049731432/

(link of the error while transferring)

lgijssel Thu, 10/29/2009 - 07:31

Two remarks:

1: Your DSL only has an upstream bandwidth of 1Mb. This puts a limit on the VPN transfer speed.

2: You should modify the ACLs to accept all IP traffic from the VPN peer, not just a subset of protocols.



strmarinos Thu, 10/29/2009 - 08:32

Thank you Leo,

I know that I have this limited BW but I can't even achieve 768 kbit/sec while transferring.

2. What do you mean?

I use the

access-list 110 permit ip which allows everything... isn't it correct?

3. Do you know what may cause the error (see the link)?

4. The MTU size on my Dialer should be 1492?

Do you think the configuration is correct?


lgijssel Fri, 10/30/2009 - 01:49

Replace this:

access-list 102 permit ahp host R.R.R.R any

access-list 102 permit esp host R.R.R.R any

access-list 102 permit udp host R.R.R.R any eq isakmp

access-list 102 permit udp host R.R.R.R any eq non500-isakmp

with this:

access-list 102 permit ip host R.R.R.R host (your-public-ip)

MTU of 1492 should be fine.



strmarinos Fri, 10/30/2009 - 09:36


My new configuration according to Leo's advice is in the attachment…

I still have a problem with the transfer. I increased the throughput (but not yet to max) but I still get errors. Please check the link… Thank you all…

lgijssel Mon, 11/02/2009 - 04:52

This may very well be what it says:

Please check the network adapter settings on the end-nodes to see if perhaps TCP-offload is configured there.

It is not likely that this problem is related to your config because the router typically operates at IP level (layer 3) and does very little with the rest of the packet.



