VPN Latency is high across the VPN Tunnel

Unanswered Question
May 10th, 2010
User Badges:

My latency from one Cisco 1800 router is very high back to the main Cisco 1800.  When testing latency outside of the vpn, we have better response.  Is there anything I can do with the configuration?  Is there a way to narrow this down to the ISP?  I have an IPSec tunnel.  Routher has 12.3 IOS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
spremkumar Mon, 05/10/2010 - 10:51
User Badges:
  • Red, 2250 points or more

Hi


Can you post out a network diagram of the scenario which you were referring in your post?

It will be easier to understand the problem points and the bottlenecks with a diagram.


regds

kathykooda Mon, 05/10/2010 - 11:06
User Badges:

Remote location is a DSL internet connection and main office is a T1.  Remote location is about 900 miles from main office.  I have been having them do random pings to the main location on three devices:

Inside server at main location so the test is going across the VPN

Public DNS server (so packets are outside of the VPN)

Device at the remote location, to test out local LAN.


When the main office does the same test back to the remote location, our responses are better.  I hope this helps present the picture.  Here is the crypto & policy map:


crypto map ilcomn 1 ipsec-isakmp
  set peer 209.240.247.154
  set transform-set ESP-3DES-SHA
  match address 100
  qos pre-classify


policy-map QoS
  class ef
   priority 240 30000
  class af
   bandwidth 64
  class class-default
   fair-queue
policy-map MQC
  class class-default
   shape average 1900000
   service-policy QoS

Paolo Bevilacqua Mon, 05/10/2010 - 12:17
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

"Very high" like how much?


What delay difference there is by pinging internal and external VPN address ?

kathykooda Tue, 05/11/2010 - 07:19
User Badges:

From 200ms on up...even have hit 700 and above.


Internal LAN < 15 ms consistently.


It's when traffic is going through VPN, we have high numbers.

Actions

This Discussion

Related Content