
IPSEC tunnel with Cisco 876 problem

strmarinos
Level 1

Good morning from Greece…

I am new to this forum and happy to see that I can find people that share their interest in networking… So I need your help-advice-opinion PLEASE give it…

I have configured 2 Cisco 876 with an IPsec tunnel (to communicate over DSL 24/1Mbps)

The matter is that I can ping the edge of my tunnels BUT when I try to copy from Win or ftp I get some errors (see the attachment)…and the transfer is TOO slow…(I have no problem with www)…Please HELP me…

My two networks are 192.168.1.0/24 and 192.168.2.1/24, I use static IPs…

THANK you all

Attachments

1. sh run

2. sh dsl int atm 0

3. http://www.flickr.com/photos/44045127@N03/4049731432/

(link of the error while transferring)


lgijssel
Level 9

Two remarks:

1: Your DSL only has an upstream bandwidth of 1Mb. This puts a limit on the VPN transfer speed.

2: You should modify the ACLs to accept all ip traffic from the VPN peer, not just a subset of protocols.

regards,

Leo

Thank you Leo,

I know that I have this limited BW but I can't even achieve 768kbit/sec while transferring

2. What do you mean?

I use the

access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 which allows everything... isn't it correct?

3. Do you know what may cause the error (see the link)?

4. The MTU size on my Dialer should be 1492?

Do you think the configuration is correct?

THANK YOU

Replace this:

access-list 102 permit ahp host R.R.R.R any

access-list 102 permit esp host R.R.R.R any

access-list 102 permit udp host R.R.R.R any eq isakmp

access-list 102 permit udp host R.R.R.R any eq non500-isakmp

with this:

access-list 102 permit ip host R.R.R.R host (your-public-ip)

MTU of 1492 should be fine.

regards,

Leo
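To see what the replacement above changes in practice, the following added example (not part of the original thread) runs first-match evaluation over the four quoted access-list 102 entries and over the single replacement entry. It models only the lines quoted in the reply; the peer and local addresses and the sample packets are constructed placeholders standing in for R.R.R.R and (your-public-ip).

```python
# Added example: compare the old and new access-list 102 entries quoted above.
# PEER and LOCAL are constructed documentation addresses (RFC 5737), standing
# in for R.R.R.R and (your-public-ip); only the quoted entries are modeled.
PEER = "203.0.113.10"
LOCAL = "198.51.100.20"
ISAKMP, NON500_ISAKMP = 500, 4500  # UDP ports behind the IOS keywords

# Entry layout: (protocol, source host, destination host or "any", dest port)
ACL_102_OLD = [
    ("ahp", PEER, "any", None),
    ("esp", PEER, "any", None),
    ("udp", PEER, "any", ISAKMP),
    ("udp", PEER, "any", NON500_ISAKMP),
]
ACL_102_NEW = [("ip", PEER, LOCAL, None)]

def permits(acl, proto, src, dst, dport=None):
    """True if some permit entry matches; otherwise the implicit deny applies."""
    for a_proto, a_src, a_dst, a_port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue  # "ip" matches every IP protocol
        if a_src != src:
            continue
        if a_dst != "any" and a_dst != dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return True
    return False

# Constructed sample packets arriving on the outside interface.
SAMPLES = [
    ("esp", PEER, LOCAL, None),
    ("udp", PEER, LOCAL, ISAKMP),
    ("udp", PEER, LOCAL, NON500_ISAKMP),
    ("icmp", PEER, LOCAL, None),
    ("tcp", PEER, LOCAL, 22),
    ("esp", "192.0.2.99", LOCAL, None),  # some other host, not the peer
]

def compare():
    """Return (proto, src, dport, old_result, new_result) for each sample."""
    return [(p, s, dp, permits(ACL_102_OLD, p, s, d, dp),
             permits(ACL_102_NEW, p, s, d, dp)) for p, s, d, dp in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

With the replacement entry, ICMP and TCP from the peer to the router's public address match as well, so the peer address is fully trusted by these entries while other sources are still left to the rest of the ACL.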

Well,

My new configuration according to Leo's advice is in the attachment…

I still have a problem with the transfer. I increased the throughput (but not yet to max) but I still get errors. Please check the link…thank you all…

Well,

My new configuration according to Leo's advice is in the attachment…

I still have a problem with the transfer. I increased the throughput (but not yet to max) and I still get errors. Please check the link…thank you all…

REALLY THANK YOU FOR HELP

http://www.flickr.com/photos/44165167@N07/4058018945/

Sorry, this is the attachment of sh run, please check the error at http://www.flickr.com/photos/44165167@N07/4058018945/sizes/l/

thank you all

This may very well be what it says:

Please check the network adapter settings on the end-nodes to see if perhaps TCP-offload is configured there.

It is not likely that this problem is related to your config because the router typically operates at IP level (layer 3) and does very little with the rest of the packet.

regards,

Leo
