fruitbatboy
IS-IT--Management
Hi,
I'm a IT Manager and not a Cisco expert but have a good understanding of Cisco technologies, we've 5 dmvpn sites (all 2821 3vpn 12.4 (17) + under 60ms to hub) using the following configs with 100mb bandwidth at each but no matter what we transfer over the dmvpn tunnel we can only achieve 6mb/6mb max throughput, could someone review the configs and just confirm I'm not missing or doing something wrong in these configs that could be causing the problem? Any other ideas on what could be causing the problems?
Any comments or suggestions would be greatly appreciated.
Cheers Fruitbatboy.
Hub config
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key "key" address 0.0.0.0 0.0.0.0
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
mode transport
crypto ipsec profile mgreprofile
set transform-set 3DES
interface Tunnel0
description "hub config"
bandwidth 10000
ip address "host tunnel ip"
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 1234
ip nhrp authentication "key"
ip nhrp map multicast dynamic
ip nhrp network-id 123
ip nhrp holdtime 300
no ip split-horizon eigrp 1234
load-interval 30
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile mgreprofile
interface GigabitEthernet0/0
description LAN Interface"
ip address "LAN IP"
interface GigabitEthernet0/1
description "ISP Interface"
ip address "ISP IP"
router eigrp 1234
network "host ip subnet"
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 "ISP GW"
Spoke Config
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key "key" address 0.0.0.0 0.0.0.0
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
mode transport
crypto ipsec profile mgreprofile
set transform-set 3DES
interface Tunnel1
description "SPOKE config"
bandwidth 10000
ip address "spoke tunnel ip"
no ip redirects
ip mtu 1416
ip nhrp authentication "key"
ip nhrp map "host tunnel ip" "host isp ip"
ip nhrp map multicast "host isp ip"
ip nhrp network-id 123
ip nhrp holdtime 300
ip nhrp nhs "host tunnel ip"
load-interval 30
delay 1000
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile mgreprofile
interface GigabitEthernet0/0
description "ISP Interface"
ip address "isp ip"
ip nat outside
ip virtual-reassembly
interface GigabitEthernet0/1
description "LAN IP"
ip address "lan IP"
ip nat inside
ip virtual-reassembly
ip route-cache same-interface
router eigrp 1234
passive-interface GigabitEthernet0/1
network "LAN Subnet"
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 "ISP GW"
ip nat inside source list 10 interface GigabitEthernet0/0 overload
access-list 10 remark NAT ACL
access-list 10 permit "lan subnet"
I'm a IT Manager and not a Cisco expert but have a good understanding of Cisco technologies, we've 5 dmvpn sites (all 2821 3vpn 12.4 (17) + under 60ms to hub) using the following configs with 100mb bandwidth at each but no matter what we transfer over the dmvpn tunnel we can only achieve 6mb/6mb max throughput, could someone review the configs and just confirm I'm not missing or doing something wrong in these configs that could be causing the problem? Any other ideas on what could be causing the problems?
Any comments or suggestions would be greatly appreciated.
Cheers Fruitbatboy.
Hub config
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key "key" address 0.0.0.0 0.0.0.0
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
mode transport
crypto ipsec profile mgreprofile
set transform-set 3DES
interface Tunnel0
description "hub config"
bandwidth 10000
ip address "host tunnel ip"
no ip redirects
ip mtu 1416
no ip next-hop-self eigrp 1234
ip nhrp authentication "key"
ip nhrp map multicast dynamic
ip nhrp network-id 123
ip nhrp holdtime 300
no ip split-horizon eigrp 1234
load-interval 30
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile mgreprofile
interface GigabitEthernet0/0
description LAN Interface"
ip address "LAN IP"
interface GigabitEthernet0/1
description "ISP Interface"
ip address "ISP IP"
router eigrp 1234
network "host ip subnet"
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 "ISP GW"
Spoke Config
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key "key" address 0.0.0.0 0.0.0.0
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
mode transport
crypto ipsec profile mgreprofile
set transform-set 3DES
interface Tunnel1
description "SPOKE config"
bandwidth 10000
ip address "spoke tunnel ip"
no ip redirects
ip mtu 1416
ip nhrp authentication "key"
ip nhrp map "host tunnel ip" "host isp ip"
ip nhrp map multicast "host isp ip"
ip nhrp network-id 123
ip nhrp holdtime 300
ip nhrp nhs "host tunnel ip"
load-interval 30
delay 1000
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile mgreprofile
interface GigabitEthernet0/0
description "ISP Interface"
ip address "isp ip"
ip nat outside
ip virtual-reassembly
interface GigabitEthernet0/1
description "LAN IP"
ip address "lan IP"
ip nat inside
ip virtual-reassembly
ip route-cache same-interface
router eigrp 1234
passive-interface GigabitEthernet0/1
network "LAN Subnet"
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 "ISP GW"
ip nat inside source list 10 interface GigabitEthernet0/0 overload
access-list 10 remark NAT ACL
access-list 10 permit "lan subnet"