Link to home
Start Free TrialLog in
Avatar of ddsteam
ddsteam

asked on

Packet Loss through Cisco VPN

Hi There,

I have a Remote VPN setup on our Cisco ASA 5510 when pinging devices through the VPN tunnel i seem to get packet loss.

Does anyone know what would cause this to occur?

thanks
Avatar of atlas_shuddered
atlas_shuddered
Flag of United States of America image

Can you be a bit clearer on "seem to get packet loss"?  In some instances this may be completely normal dependent on config.
Avatar of ddsteam
ddsteam

ASKER

Well I've noticed that the hitcounts on the NONAT acl's are not increasing at all but the connection is working for other clients.

Basically, one of our clients is being pedantic. If they do a continuous ping, they find that they lose about 3 or 4 packets in every 100 that are sent.

I've explained that this is not actually an issue (especially regarding the firewall or VPN configuration) but they insist that I investigate the matter further.

Anybody have any ideas on how I can conclusively prove that this is not firewall related?
MTU need to be adjusted in some cases.
   i.e.
    interface tunnel 0
        ip tcp adjust-mss 1360
    interface fast 0/0
        ip tcp adjust-mss 1360
You can also modify the MTU but on the tunnel interface:
    interface tunnel 0
        ip mtu 1300
Do performance test before/after to determine most appropriate MTU size.
Avatar of ddsteam

ASKER

Surely the ASA's default MTU size of 1500 should be sufficient?
http://www.dslreports.com/faq/5793

You need to find your optimum MTU number.


http://dast.nlanr.net/projects/jperf/  -using 2 PC's for badwith test across VPN

will help you to see, what MTU is will work better.
In some cases , you triple VPN speed, beside stoping "packet loss".
ASKER CERTIFIED SOLUTION
Avatar of dkarpekin
dkarpekin

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of ddsteam

ASKER

No answer recieved.
Avatar of ddsteam

ASKER

Was willing to assist with what was frankly a rather silly issue to begin with.