This is a weird problem. I have a client site with four users going out over a T1, through a firewall, but with public IP addresses. They're hitting a Cisco VPN concentrator on the remote side. The T1 is provided by the company that manages the building they lease space in. Tunnels are client-to-concentrator, rather than a single site-to-site tunnel. The problem doesn't seem to occur on other users of the remote concentrator. Everything worked fine until about a week ago. Now, they can work for a few minutes, then the tunnel starts slowing way down. Sometimes, one user's VPN tunnel usage seems to actually interfere with the other three (the others work fine until he fires up a tunnel).
Building management swears they haven't changed their firewall config, remote site swears the concentrator config wasn't changed. Normally, I would think it was a PC problem, except it started affecting all four users at this site almost simultaneously. T1 bandwidth usage doesn't appear to be over 50% at any time. Any suggestions on how to troubleshoot or what to look for? Could the building's ISP have made a routing change that would have an effect?
Further information has come to light. It now seems that there are other tenants in the building who are having similar issues. It seems more and more likely that the T1 is the culprit, since the building's IT staff allegedly made no network changes.
So, it turns out that these chowderheads in the building IT department really *did* make changes to both their router and their firewall to add traffic shaping. The guy who made the changes is the one who lied right to my face when he said they hadn't touched anything for months. As soon as they backed out the changes, the VPN connections started working again.
You know, my job would be a lot easier if people would give me all the information they have.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...