11-15-2010 12:11 PM
I have replaced the cables and the Cisco ASA 5505, I still lose packets when
I ping a pc on the other end of the site to site IPsec vpn tunnel. Can someone
tell me if this is related to the configuration of Cisco ASAs or other networking
problems. Thanks
here is the ping result:
Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time=86ms TTL=99
Reply from 192.168.1.3: bytes=32 time=89ms TTL=99
Reply from 192.168.1.3: bytes=32 time=95ms TTL=99
Reply from 192.168.1.3: bytes=32 time=96ms TTL=99
Reply from 192.168.1.3: bytes=32 time=53ms TTL=99
Ping statistics for 192.168.1.3:
Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 96ms, Average = 83ms
Pinging 192.168.1.3 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 192.168.1.3: bytes=32 time=84ms TTL=99
Reply from 192.168.1.3: bytes=32 time=88ms TTL=99
Reply from 192.168.1.3: bytes=32 time=100ms TTL=99
Ping statistics for 192.168.1.3:
Packets: Sent = 5, Received = 3, Lost = 2 (40% loss),
Approximate round trip times in milli-seconds:
Minimum = 84ms, Maximum = 100ms, Average = 90ms
11-15-2010 12:20 PM
David
Are the 2 pings done straight after each other. Bear in mind if the tunnel is down you will lose some packets while the tunnel is brought up as IPSEC can take a while to negotiate and setup the tunnel.
Once the tunnel is up though, you should not be loosing any packets.
Jon
11-15-2010 12:37 PM
Yes Jon, the two pings are straight after each other.
I created a ping batch ultility that do pingging every 5 seconds.
I received about 10 "request timeout" in one hour.
Strangely the VPN tunnel is up all the time.
Thanks,
David
11-15-2010 05:35 PM
Hi Dave,
What about pings to the WAN interface of the VPN device at the other end ?
Do they drop ?
If we see any drops there, it means the problem is with the internet link to the remote site.
If not, we could apply captures and move forward.
Cheers,
Nash.
11-16-2010 08:26 AM
Hi Avinash,
That is a good idea. I will try it to see how it goes.
Thanks,
David
12-10-2017 11:47 PM
Other side VPN device WAN IP ping(ICMP) is disabled for security reason so how to verify it whether we are getting drops to the WAN remote side IP?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide