Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

degraded performance VPN clients in network extension mode


Since a couple of weeks i'm seeing degraded services on my 3030 concentrator (1 SEP). It will result in big packets being dropped (1500 bytes), i first suspected the internet circuit but after troubleshooting the private interface i see the packets already being dropped at the private interface. I have about 100 sessions coming from 3002 HW clients in extension mode. My worries are that 1 sep might not be enough for the session, but i'm unable to find information to confirm this.

The only changes made since it went into production are that we are only adding more and more these days.

Hope you guys can help me sort this one.

Cisco Employee

Re: degraded performance VPN clients in network extension mode

100 sessions on a 3030 is far less than its max session capability.

You mentioned Private Interface is dropping the large packets, have you tried clearing DF bit on Private interface ?

A good way to find out the largest packet size that can be passed is to use the PING utility as follows:

ping -f -l , where

f = do not fragment

l = packet length.

For example: ping -f -l 1400

Configuration--->Interfaces--Privt Intf---> Public Intf Fragmentation Policy

Select the third option.

Note: Chaging the policy on any of the interface will tear down the existing sessions.

You might wanna take a look at :

*Please rate if it helped.


Re: degraded performance VPN clients in network extension mode

Hi Kanishka, thanks for the tips but i do not think fragmentation being the issue, during a day it will not drop packets for several hours, but at certain times it will do (i suspect when there is a lot of traffic going thru the concentrator).