Cisco Site to Stite VPN Tunnel Drops Alternating Pings

Here is a summary of the current problem I have with my Cambodia office.  In SF, we have a Cisco 5510.  In Cambodia (KH), there is a Cisco 2821.

1) All pings from SF to KH result in alternating packet loss (VPN Tunnel);
2) All pings from KH to Internet are fine (No Tunnel);
3) All pings from KH to SF result in alternating packet loss (VPN Tunnel);
4) Pings from SF to inside interface and outside interface are fine (no loss, VPN Tunnel).
5) Increasing ping size to 1500 (ping x.x.x.x -l 1500) results in no packet loss (VPN Tunnel).
6) I have removed all network gear on the KH side and had a user hook a laptop direct to the 2821.  Same issues.
7) this tunnel had been working for 2+ years with no issues.  No changes on the 5510 or ISP in SF.  I am not sure about the ISP in KH - I cannot get an answer.

Z:\>ping 10.3.0.2

Pinging 10.3.0.2 with 32 bytes of data:
Reply from 10.3.0.2: bytes=32 time=201ms TTL=62
Request timed out.
Reply from 10.3.0.2: bytes=32 time=201ms TTL=62
Request timed out.

Ping statistics for 10.3.0.2:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 201ms, Maximum = 201ms, Average = 201ms


Z:\>ping 10.3.0.2 -l 1500

Pinging 10.3.0.2 with 1500 bytes of data:
Reply from 10.3.0.2: bytes=1500 time=208ms TTL=62
Reply from 10.3.0.2: bytes=1500 time=219ms TTL=62
Reply from 10.3.0.2: bytes=1500 time=208ms TTL=62
Reply from 10.3.0.2: bytes=1500 time=208ms TTL=62

Ping statistics for 10.3.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 208ms, Maximum = 219ms, Average = 210ms
LVL 10
wdurrettAsked:
Who is Participating?
 
n7oknCommented:
You might try putting this on the outside Interface on both routers:

ip tcp adjust-mss 1452


0
 
wdurrettAuthor Commented:
Awesome.  I only had to add it to the KH router.  All is good now.

Here is the Cisco write-up:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ft_admss.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.