For those of you which configuring IPSec and have packet loss in transit… Perhaps this configuration could help :

crypto ipsec client ezvpn REGISBTP
 connect auto
 group VPN-CLIENT2 key jsdfxkqwpoe
 local-address FastEthernet0
 mode network-extension
 peer 22.22.22.22
 username ipsec1@client2.vpn password jsdfxkqwpoe
 xauth userid mode local

interface FastEthernet0
 ip address 192.168.1.36 255.255.255.0
 ip mtu 1460
 no ip route-cache cef
 ip tcp adjust-mss 1420
 duplex auto
 speed auto
 crypto ipsec client ezvpn CLIENT2
!         

interface Vlan1
 ip address 10.20.0.1 255.255.255.0
 ip mtu 1460
 ip virtual-reassembly
 ip tcp adjust-mss 1420
 crypto ipsec client ezvpn CLIENT2 inside
!         
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254

The really interesting command (which resolves packet loss) is :

no ip route-cache cef

Ok, now you use FastSwitching and use more CPU, but the service is now OK agains 50% packet loss…

You could read :

IPSec and packet loss

2 thoughts on “IPSec and packet loss

  • uday
    May 22, 2013 at 4:13 am
    Permalink

    The router I use is Cisco 881 and this does not accept ” ip-route cache ” command.
    could you please let me know an appropriate solution.

    Thanks,
    uday

    Reply
    • admin
      May 24, 2013 at 9:35 pm
      Permalink

      I think a same command must exist on this plateform to use fast switching instead of cef. Doccd is your friend 🙂 i will search too …

      Best regards,
      Christophe

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.