I am hoping someone can shed a little light on this for me (had a TAC open for well over a week, not that quick at getting back to me).
Anyhow, i have a Cisco 837 ADSL Router connecting to a VPN Concentrator using IPSec. Their are no connecting issues and browsing the Internet is working without any issues. The problem I have is with uploads through the VPN connection.
If i try sending information from the ADSL Site to the Central Site, it just starts timing out. A packet capture shows a lot of retransmissions and also some duplicate ACKs going on.
Cisco have suggested changing the External Interface on the Concentrator to reset the DF bit. This has not made any difference.
Anyhow, i have tested uploading through the ADSL Line without a VPN Connection and there are no issues on the line, its definately something to do with the VPN.
When you do an FTP the first part of the connection negotiates the MTU size. Set the server or the client to an MTU size of 1200 and this will give you a quick fix for the problem and you will not see any slowdown of the connection. You can use this program. http://www.dslreports.com/drtcp A reboot is necessary after this chnage is done.
You need to do this because when wrapping the encryption packets around the FTP session it causes the MTU size to be bigger that 1500 which causes fragmentation and dropped packets (normal firewall activity for fragmented packets).
Adjusting MTU size on the devices in between the connection will do nothing since MTU size is negotiated between the client and server.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :