I'm dealing with a strange problem that we've been having for some time.
Cisco 7206 running IOS (tm) 7200 Software (C7200-IK9SU2-M), Version 12.3(23). Have a crossover ethernet connection to a linux box on fastethernet4/0. Have a backbone internet connection on ATM2/0.4. Have a crypto map attached to fastethernet0/0 for a VPN to a remote endpoint at another computer. They have another machine past their endpoint of the vpn. The vpn exists so their machine (65.119.118.76) can talk to our machine (24.235.0.25).
Pings between the VPN endpoints, 0% loss. Pings to the machines inside the endpoints, 0% loss. Pings to anywhere through any interface on our VPN endpoint router, 0% loss. No packet loss anywhere, UNTIL...
When you ping from the machine on our lan through the vpn to the machine on their lan, anywhere from 5-40% packet loss.
Things I have determined --
When pinging, show crypto ipsec sa shows every packet being encrypted and entering the VPN. From their end, they see every ping packet arrive and get returned. Again, show crypto ipsec sa shows every packet being decrypted coming out of the VPN. It would seem the problem is something related to final delivery from our endpoint router to the Linux box, but only for packets that come out of the VPN.
Any hints would be greatly appreciated. Also, I read a description of a similar problem from someone that they said turned out to be a bug in a deferred version of IOS. Does anyone know anything about that?
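The counter comparison described in the post can be scripted. The following is an added example, not part of the original post: it diffs two snapshots of the `#pkts` counter lines from show crypto ipsec sa taken before and after a ping run and reports which leg lost packets. The sample counter values are constructed, the function names are hypothetical, and it assumes the pings are the only traffic on that SA during the run.

```python
import re

# Matches the per-SA counters printed by `show crypto ipsec sa`.
# The colon is optional because older IOS releases omit it on some counters.
COUNTER_RE = re.compile(r"#pkts (encaps|encrypt|decaps|decrypt):?\s+(\d+)")

def parse_counters(text):
    """Return {'encaps': n, 'encrypt': n, 'decaps': n, 'decrypt': n} for one SA."""
    return {name: int(value) for name, value in COUNTER_RE.findall(text)}

def localize_loss(before, after, sent, received):
    """Compare counter deltas with the ping totals and name the lossy leg."""
    b, a = parse_counters(before), parse_counters(after)
    delta = {name: a[name] - b[name] for name in a}
    if sent == received:
        verdict = "no loss"
    elif delta["encaps"] < sent:
        verdict = "lost before encryption (LAN host to router)"
    elif delta["decaps"] < sent:
        verdict = "lost in the tunnel or at the remote side"
    else:
        # Every echo was encrypted and every reply decrypted, yet some
        # replies never reached the host: the drop is after decryption.
        verdict = "lost after decryption (router to LAN host)"
    return delta, verdict

# Constructed sample snapshots (only the counter lines of one SA).
BEFORE = """
    #pkts encaps: 1200, #pkts encrypt: 1200, #pkts digest 1200
    #pkts decaps: 1180, #pkts decrypt: 1180, #pkts verify 1180
"""
AFTER = """
    #pkts encaps: 1300, #pkts encrypt: 1300, #pkts digest 1300
    #pkts decaps: 1280, #pkts decrypt: 1280, #pkts verify 1280
"""

if __name__ == "__main__":
    # 100 pings sent from the LAN host, 78 replies received (constructed).
    print(localize_loss(BEFORE, AFTER, sent=100, received=78))
```
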