[c-nsp] PIX VPN & packet loss
Big Wave Dave
bigwavedave at gmail.com
Thu Mar 24 12:01:29 EST 2005
Have you done ping tests with varying packet size and MTU? Remember
that you typically need to have 1500 MTU .... yet you lose some
because of the VPN overhead... Perhaps try a 1300 MTU?
Dave
On Thu, 24 Mar 2005 17:55:35 +0100, Andre Beck <cisco-nsp at ibh.net> wrote:
> Hi,
>
> I'm observing a small but "stable" amount of packet loss in a VPN
> built of a central PIX 515 and a bunch of 506s. There seems to be
> a loss of approx. 1.5% to 2% on VPN tunnels, regardless of the site
> talking to central, seemingly in the direction 515->506. PIX OS versions
> are latest, configuration is mostly trivial, VPN sites can basically
> do any IP traffic to the central site. Extensive ping tests in the
> respective broadcast domains to which the PIXen are connected as
> well as on the links interconnecting them show no packet loss at all.
>
> Anyone seen something like this or have a hook where to start further
> debugging? I'm supposed to establish a QoSed star of GRE tunnels on
> top of that for VoIP to come and really need to get rid of *that*
> packet loss before doing the QoS tuning introducing an intentional
> one through shaping...
>
> TIA,
> Andre.
> --
> The _S_anta _C_laus _O_peration
> or "how to turn a complete illusion into a neverending money source"
>
> -> Andre Beck +++ ABP-RIPE +++ IBH Prof. Dr. Horn GmbH, Dresden <-
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list