Cisco Support Community
New Member

1720 with CBAC and VPN connection via ethernet outside to the internet

For a VPN connection we have a 1720 with CBAC connected to the internet via an ethernet interface to an SDLC modem (2Mbit/s). When a full set of inspection rules is activated, performance to the internet slows down from 200 kByte/s to 2-5 kByte/s, and many timeouts and output errors occur on the ethernet interface.

Omitting the http inspection, performance returns to 200 kByte/s, with fewer output errors and timeouts.

This happened with images from 12.1-5YB1 to 12.2-4.T1. This problem has been at TAC since Nov. 2001, with no solution up to now.

Does anybody have an idea about this problem, or does anybody experience this problem too?

5 REPLIES
New Member

Re: 1720 with CBAC and VPN connection via ethernet outside to th

It sounds like you might be overworking the 1700. I’m sure the TAC has looked at memory and CPU but if not, take a look. You might need to upgrade your router, not the IOS.

Cisco Employee

Re: 1720 with CBAC and VPN connection via ethernet outside to th

Try to lessen the inspection rules. Also, are you doing some form of IDS logging as well? If you do, take it. CPU might be too busy to process all of this (show cpu util and processes would show this).

New Member

Re: 1720 with CBAC and VPN connection via ethernet outside to th

Thanks for your reply!

It's definitely not a problem of CPU load.

I forgot to mention that this effect doesn't exist at all when using a serial interface to the internet.

Cisco is obviously (I hope) working on that problem, because I have been getting e-mails of CE-pend for about 4 weeks, but no solution!

Bronze

Re: 1720 with CBAC and VPN connection via ethernet outside to th

With http inspection, IOS FW looks for any embedded java applets. This process utilizes the resources on the router. I am just wondering if Java filtering is something that you are looking for?

Jazib

New Member

Re: 1720 with CBAC and VPN connection via ethernet outside to th

Thanks for your reply!

It's definitely not a problem of CPU load.

I forgot to mention that this effect doesn't exist at all when using a serial interface to the internet.

Cisco is obviously (I hope) working on that problem, because I have been getting e-mails of CE-pend for about 4 weeks, but no solution!
