Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

50% Packet Lost VPN Site 2 Site

I have sucessfully stablished the VPN tunnel between the two sites. Also I am able to do a ping test to both Routers Inside Interface with 100% success, but when I try to ping another device I got packets lost 50%.

I am Using a 871 and a 1841 Both on DSL on 512 upstream.

  • Other Security Subjects
12 REPLIES
New Member

Re: 50% Packet Lost VPN Site 2 Site

Hello.

I assume you mean the following

From LAN side on 871 - ping to router 871 100%

From LAn on 871 - ping to router 1841 50% loss.

From LAN side on 1841 - ping to router 1841 100%

Is it possible to confirm that a ping from the 1841 external interface to the 871 external interface does not drop packets?

Its easy to not drop packets on the internal interface. The DSL maybe indicative of service issues. Is the DSl symetrical?

New Member

Re: 50% Packet Lost VPN Site 2 Site

Well let me explain better.

When I ping the router interface on either of the LANs it works well.

Also if I do a telnet on the router:

ping 192.168.100.254 source 192.168.1.254;

a ping between the routers via the VPN, I get 100% replys.

When I try to ping from a station(LAN) to a station on the other site is when I get 50% - 40% loss.

I have a paradyne modem from the ISP doing a DMZ to the 871 and the 1841 have a WIC adsl.

The Internet conection is Asymetrical DSL.

New Member

Re: 50% Packet Lost VPN Site 2 Site

MTU size of the pings? Can you test with differing sizes?

New Member

Re: 50% Packet Lost VPN Site 2 Site

This is the actual screen on the station on one of the sites. The 192.168.1.254 is the remote site inside interface address. The Maximun Size without Framenting is 1370 but still I got some packet loss.

Pinging 192.168.1.254 with 1370 bytes of data:

Reply from 192.168.1.254: bytes=1370 time=136ms TTL=254

Request timed out.

Reply from 192.168.1.254: bytes=1370 time=143ms TTL=254

Request timed out.

Ping statistics for 192.168.1.254:

Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 136ms, Maximum = 143ms, Average = 139ms.

This is the ping from router a inside Interface to router b inside interface:

Sending 5, 1370-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:

Packet sent with a source address of 192.168.100.254

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/72 ms

New Member

Re: 50% Packet Lost VPN Site 2 Site

You'll need to confirm MTU sizing for each interface.

make sure you have no issues with performance from the local host to the local router.

New Member

Re: 50% Packet Lost VPN Site 2 Site

The perfomarce on from the local to the router on both sites are fine.

When you mean MTU on interfaces, are the interfaces the inside or outside? On the ATM or Dialer.

New Member

Re: 50% Packet Lost VPN Site 2 Site

ATM and dialer

New Member

Re: 50% Packet Lost VPN Site 2 Site

ATM0/0/0:

MTU 4470, Sub MTU 1300.

Dialer0:

MTU 1500

Should I change de MTU to 1370 on the 1841 ATM and Dialer0?

New Member

Re: 50% Packet Lost VPN Site 2 Site

yes.

check each end.

469
Views
5
Helpful
12
Replies