I configured the Cisco side of a VPN between and 806 and a 3Com SuperStack 3 firewall. The tunnel comes without issue and you CAN pass traffic through it, however the latency and througput are unbearable. Imagine a telnet taking 15 seconds to paint a dozen lines. If I simply open up a hole in the IOS FW and telnet through it, things fly. The latency only occurs when using the VPN. I've knocked everything down to single des, md5 and proc is ~5% at the most. I've never seen a VPN just work bad. It typically either works or it doesn't.
Any suggestions would be appreciated. Anyone ever go IOS to a SuperStack before?
mtu is 1492 on the Cisco side, but I'm not sure about the 3Com side, though other site to site IPSec VPNs terminate on it. Ping times are generally good (less than 100 ms) when they make it through, but I drop about 10% of pings going from the 3Com side to the cisco side, but none going from the cisco side to the 3Com side. Being that I'm using 64 byte packets going from the 3Com side, I have my doubts about mtu being a problem. This one has me quite stumped.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...