Hi,
In our site-to-site VPN setup between two ASA's we see the following
effect: On the internet route from Office A to Office B in another
country we notice that one of the provider routers in between has 70%
packet loss or more. In this situation the ASA then drops TCP sessions
over VPN, i.e. after a telnet login one gets kicked out after a few
seconds or minutes.
Previously we had that VPN connection made with a Sonicwall and then
only the network throughput or response time went slow.
Is there a way to control this behaviour?
Thanks in advance.
Regards,
Bernd
deepblue2007 (8)
4/17/2007 2:14:39 PM

In article <1176819279.426779.138140@d57g2000hsg.googlegroups.com>,
Bernd Nies <deepblue2007@bluewin.ch> wrote:
>In our site-to-site VPN setup between two ASA's we see the following
>effect: On the internet route from Office A to Office B in another
>country we notice that one of the provider routers in between has 70%
>packet loss or more.
I wonder if your packets are being dropped as being too large?
Are you using path MTU detection? Have you tried using the
tcp mss adjust feature?
>Previously we had that VPN connection made with a Sonicwall and then
>only the network throughput or response time went slow.
It could be that the previous connection used a different encapsulation
that was just enough shorter to not be a problem on the link.
For example, if you have isakmp nat-traversal turned on now,
that probably wasn't present on your prior Sonicwall, and so you
might now have a UDP layer encapsulating an ESP layer encapsulating
the payload TCP or UDP layer -- overhead build-up!
roberson
4/18/2007 1:43:21 PM
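
Added example, not part of the original posts: a calculation of how much the ESP and NAT-T layers mentioned in the reply add to each packet, and the largest TCP MSS that still fits the path MTU without fragmentation. The cipher profile (AES-CBC or 3DES-CBC with a 96-bit HMAC), the 1500-byte path MTU and all function names are assumptions chosen for illustration.

```python
# Added illustration: size of an IPv4 ESP tunnel-mode packet with and without
# NAT-T, and the TCP MSS to clamp to. Cipher parameters are assumptions,
# not values taken from the thread.
IP_HDR = 20       # IPv4 header without options (inner and outer)
TCP_HDR = 20      # TCP header without options
UDP_NATT = 8      # UDP header added by NAT traversal (UDP/4500)
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte


def esp_packet_size(inner_len, block=16, iv=16, icv=12, nat_t=True):
    """Outer packet size for an inner IP packet of inner_len bytes."""
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // block) * block          # round up to cipher block
    natt = UDP_NATT if nat_t else 0
    return IP_HDR + natt + ESP_HDR + iv + padded + icv


def max_inner_packet(path_mtu, **esp):
    """Largest inner IP packet whose encapsulated form fits in path_mtu."""
    for inner in range(path_mtu, IP_HDR + TCP_HDR, -1):
        if esp_packet_size(inner, **esp) <= path_mtu:
            return inner
    raise ValueError("path MTU too small for this ESP profile")


def tcp_mss_clamp(path_mtu, **esp):
    """TCP MSS that keeps a full-sized segment under path_mtu after ESP."""
    return max_inner_packet(path_mtu, **esp) - IP_HDR - TCP_HDR


if __name__ == "__main__":
    profiles = [
        ("AES-CBC, NAT-T on", dict(block=16, iv=16, nat_t=True)),
        ("AES-CBC, NAT-T off", dict(block=16, iv=16, nat_t=False)),
        ("3DES-CBC, NAT-T on", dict(block=8, iv=8, nat_t=True)),
        ("3DES-CBC, NAT-T off", dict(block=8, iv=8, nat_t=False)),
    ]
    for label, esp in profiles:
        print(f"{label:20s} 1500-byte inner packet -> "
              f"{esp_packet_size(1500, **esp)} bytes on the wire, "
              f"clamp MSS to {tcp_mss_clamp(1500, **esp)}")
```

A full 1500-byte inner packet exceeds a 1500-byte path MTU under every profile, so it must be fragmented or, with DF set and ICMP filtered on the path, is lost.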