unTech
asked on
VPN traffic & application drops
We have a site to site internet VPN between a Cisco ASA 4510 (ASDM 8.5) at our main site (40 M fiber), and a Cisco 2951 (10 M ethernet) at our satellite site. The two other VPNs don't have a problem...
We have two applications that drop periodically starting a week ago: Outlook and ASA/400.
What we done:
- hard coded the WAN interface of 4510 interface to the ISP modem interface at 100/full
- increased the TTL on VPN
- lowered WAN server replication bandwidth between sites
We noticed improvements. However, today we got our first complaint of the ASA/400 software resetting and Outlook hanging.
Attached is a visual of traffic between the sites that spiked just before the user complained. This happened twice today.
What can be done for our VPN stability to handle this traffic? And why is this happening?
Also, is one dropped packet from time to time generally a problem?
-------------------------- ---------- -
So this appeared to happen again. A huge connection to Exchange from remote site. Caused 11 packets lost it appears.
Or (I forgot to mention) the site is configured to failover the VPN to secondary line when loose contact w/ main vpn connection.
Maybe it is trying to failover and then failback when loosing connection?
traffic.png
We have two applications that drop periodically starting a week ago: Outlook and ASA/400.
What we done:
- hard coded the WAN interface of 4510 interface to the ISP modem interface at 100/full
- increased the TTL on VPN
- lowered WAN server replication bandwidth between sites
We noticed improvements. However, today we got our first complaint of the ASA/400 software resetting and Outlook hanging.
Attached is a visual of traffic between the sites that spiked just before the user complained. This happened twice today.
What can be done for our VPN stability to handle this traffic? And why is this happening?
Also, is one dropped packet from time to time generally a problem?
--------------------------
So this appeared to happen again. A huge connection to Exchange from remote site. Caused 11 packets lost it appears.
Or (I forgot to mention) the site is configured to failover the VPN to secondary line when loose contact w/ main vpn connection.
Maybe it is trying to failover and then failback when loosing connection?
traffic.png
You might want to monitor the logging on the ASA and/or the 2951 to see if somethings shows up there.
ASKER
I've requested that this question be deleted for the following reason:
no one answered
no one answered
ASKER
Configuration on one of the routers were changed (SLA monitor).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes