And would like to understand the relation between 'bits/sec' and 'packets/sec'.
Basically I have two sites running an IPSEC between them (crypto map is configured on the WAN interfaces). So, as an example, the moment I push traffic from the LAN it gets encrypted and goes through to the other side through the point-to-point WAN as encrypted.
When I use the 'show interface fa0/1 (LAN interface) & the fa0/0 (WAN interface)' I noticed that the 'packets/sec' is double on the WAN than on the LAN. What I understand is that it could be from the encryption happening due to the IPSEC. But when I check the 'bits/sec' on both fa0/1 (LAN) & fa0/0 (WAN) the ratio is not double. It is about 11.3%. I tried this for different B.W's being pushed from the LAN using a traffic generator, and I still get the same ratio for both 'bits/sec; 11.3% overhead' & 'packets/sec; 50% overhead'.
I believe that the behavior perhaps reflects the impact of IPSec with extra header information causing fragmentation of packets. When processing IPSec it adds extra header information for each packet. I suspect that the 11.3% probably reflects the extra header information. If the original packets were near maximum size and you add extra header information then it is likely that the packets will be fragmented for transmission. The doubling of the number of packets may well be that each packet is fragmented because of the extra header included, causing every packet from the inside interface to result in two packets on the outside interface.
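
The arithmetic behind this explanation, as an added example that is not part of the original thread: it sizes an ESP tunnel-mode packet and fragments it at the WAN MTU, showing the packet count doubling while the byte count grows by only a few percent. Assumptions: AES-CBC with HMAC-SHA1-96, a 1500-byte MTU, fragmentation after encryption, and 14 bytes of Ethernet header counted per packet; the thread does not state the transform set, so the percentages are illustrative.

```python
import math

# Assumed transform (not stated in the thread): ESP tunnel mode,
# AES-CBC (16-byte IV, 16-byte blocks) with HMAC-SHA1-96 (12-byte ICV).

def esp_tunnel_size(inner_len, iv_len=16, block=16, icv_len=12):
    """IP length of the ESP tunnel-mode packet that wraps one inner IP packet."""
    # ESP trailer = padding + pad-length byte + next-header byte,
    # padded so the encrypted part is a whole number of cipher blocks.
    padded = math.ceil((inner_len + 2) / block) * block
    # outer IP header + SPI/sequence + IV + ciphertext + ICV
    return 20 + 8 + iv_len + padded + icv_len

def fragment(ip_len, mtu=1500, ip_hdr=20):
    """Split one IP packet into fragment lengths (each includes an IP header)."""
    if ip_len <= mtu:
        return [ip_len]
    per_frag = (mtu - ip_hdr) // 8 * 8  # fragment data must be a multiple of 8
    payload = ip_len - ip_hdr
    frags = []
    while payload > 0:
        chunk = min(per_frag, payload)
        frags.append(chunk + ip_hdr)
        payload -= chunk
    return frags

def overhead(inner_len, mtu=1500, l2=14):
    """Return (WAN packets per LAN packet, WAN bytes / LAN bytes)."""
    frags = fragment(esp_tunnel_size(inner_len), mtu)
    lan_bytes = inner_len + l2                  # assumed: counters include L2 header
    wan_bytes = sum(frags) + l2 * len(frags)
    return len(frags), wan_bytes / lan_bytes

if __name__ == "__main__":
    # Constructed sample sizes, from small packets up to a full-MTU packet.
    for size in (64, 512, 1400, 1438, 1439, 1500):
        pkts, ratio = overhead(size)
        print(f"{size:5d}-byte LAN packet -> {pkts} WAN packet(s), "
              f"bytes +{(ratio - 1) * 100:.1f}%")
```

Under these assumptions any LAN packet above 1438 bytes becomes two WAN packets, which is where a traffic generator sending near-MTU packets would land.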