[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 897
  • Last Modified:

Cisco Site to Stite VPN Tunnel Drops Alternating Pings

Here is a summary of the current problem I have with my Cambodia office.  In SF, we have a Cisco 5510.  In Cambodia (KH), there is a Cisco 2821.

1) All pings from SF to KH result in alternating packet loss (VPN Tunnel);
2) All pings from KH to Internet are fine (No Tunnel);
3) All pings from KH to SF result in alternating packet loss (VPN Tunnel);
4) Pings from SF to inside interface and outside interface are fine (no loss, VPN Tunnel).
5) Increasing ping size to 1500 (ping x.x.x.x -l 1500) results in no packet loss (VPN Tunnel).
6) I have removed all network gear on the KH side and had a user hook a laptop direct to the 2821.  Same issues.
7) this tunnel had been working for 2+ years with no issues.  No changes on the 5510 or ISP in SF.  I am not sure about the ISP in KH - I cannot get an answer.

Z:\>ping 10.3.0.2

Pinging 10.3.0.2 with 32 bytes of data:
Reply from 10.3.0.2: bytes=32 time=201ms TTL=62
Request timed out.
Reply from 10.3.0.2: bytes=32 time=201ms TTL=62
Request timed out.

Ping statistics for 10.3.0.2:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 201ms, Maximum = 201ms, Average = 201ms


Z:\>ping 10.3.0.2 -l 1500

Pinging 10.3.0.2 with 1500 bytes of data:
Reply from 10.3.0.2: bytes=1500 time=208ms TTL=62
Reply from 10.3.0.2: bytes=1500 time=219ms TTL=62
Reply from 10.3.0.2: bytes=1500 time=208ms TTL=62
Reply from 10.3.0.2: bytes=1500 time=208ms TTL=62

Ping statistics for 10.3.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 208ms, Maximum = 219ms, Average = 210ms
0
wdurrett
Asked:
wdurrett
1 Solution
 
n7oknCommented:
You might try putting this on the outside Interface on both routers:

ip tcp adjust-mss 1452


0
 
wdurrettAuthor Commented:
Awesome.  I only had to add it to the KH router.  All is good now.

Here is the Cisco write-up:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ft_admss.html
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now