Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPsec VPN 20% Packet Loss

Hallo All,

I have problem with my IPsec VPN between Cisco1841 am OpenBSD Server.

Sice today 4:00 am the VPN has about 20% packet loss and all comunication between this sites are blocked.

Before this it worked for about 2 years without problems and we changed nothing at both sides.

The normal traffic which gose not throught is working fine.

I think the problem hase to be at the cisco, beacause all other sites connecting ti the OpenBSD Server are working fine, too.

The cisco is configured like this:

crypto isakmp policy 2

encr aes

authentication pre-share

crypto isakmp key xyzxyzxyz address 123.456.789.1 no-xauth

crypto isakmp keepalive 10 periodic

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel_Holding

set peer 123.456.789.1

set transform-set ESP-AES-SHA ESP-3DES-SHA ESP-3DES-SHA1

match address 104

!

crypto map SDM_CMAP_2 1 ipsec-isakmp

description Tunnel to123.456.789.1

set peer 123.456.789.1

set transform-set ESP-3DES-SHA2

match address 102

!

!

!

interface FastEthernet0/0

description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$

ip address 11.22.33.1 255.255.255.0

ip access-group 100 in

no ip redirects

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

description $FW_OUTSIDE$$ETH-LAN$

ip address 44.55.66.2 255.255.255.0

ip access-group sdm_fastethernet0/1_in in

no ip redirects

no ip proxy-arp

ip mtu 1390

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

no mop enabled

crypto map SDM_CMAP_2

!

ip classless

ip route 0.0.0.0 0.0.0.0 44.55.66.254 permanent

Is there someone who could help me????

Best Regards

Dominik

  • VPN
1 ACCEPTED SOLUTION

Accepted Solutions

IPsec VPN 20% Packet Loss

Can you turn on debugging and check the logs please?

Cause of the early time this happens I'd say it's hardware (flash, AIM module, CPU?) or the carrier/uplink.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
2 REPLIES

IPsec VPN 20% Packet Loss

Can you turn on debugging and check the logs please?

Cause of the early time this happens I'd say it's hardware (flash, AIM module, CPU?) or the carrier/uplink.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
New Member

IPsec VPN 20% Packet Loss

Hi,

the problem disappears quite suddenly it appears, overnight. I am confusing.

I suppose, that the problem caused by the ISP.

Dominik

241
Views
0
Helpful
2
Replies
This widget could not be displayed.