That's a pretty small pipe to squeeze uncompressed IPSec traffic through. Is it possible that there is a NAT device somewhere between the two sites? If so, your firewalls are probably implementing NAT-T, which wraps the IPSec traffic in a UDP encapsulation on port 4500. This adds quite a bit of overhead and it is possible that packets are getting fragmented. Fragmented packets = a congested interface queue and before too long, packets will get dropped if the queue is not cleared.
Aaron
----- Original Message -----
Sent: Sunday, November 26, 2006 3:41 AM
Subject: [PIX_Firewall] packet drops with encryption.
Hi all,
Two of my company branches are connected with a CE1 leased line (56kbps). Even though it is connected with private lines, we have enabled IPSec encryption between the two sites. I found packet drops between those two sites after enabling IPSec. I checked the same after I removed IPSec and found no issues (no packet drops).
Can anyone please throw some light on the above-mentioned scenario?
Thanks,
dabance
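The NAT-T overhead and fragmentation point in the reply above can be checked with a short calculation; this is an added example, not code from the thread. It assumes 3DES-CBC with a 96-bit HMAC, a 1500-byte MTU and no layer-2 framing (none of which the thread states), and all function names are hypothetical.

```python
import math

OUTER_IP, ESP_HDR, ESP_TRAILER, UDP_HDR = 20, 8, 2, 8  # bytes; UDP_HDR is the NAT-T wrapper

def esp_tunnel_size(inner_len, nat_t=False, block=8, iv=8, icv=12):
    """IPv4 length of an inner packet after ESP tunnel-mode encapsulation.

    Defaults are an assumption: 3DES-CBC (8-byte block and IV), 96-bit HMAC ICV.
    """
    # ESP pads payload + 2-byte trailer up to a whole number of cipher blocks.
    padded = math.ceil((inner_len + ESP_TRAILER) / block) * block
    size = OUTER_IP + ESP_HDR + iv + padded + icv
    return size + UDP_HDR if nat_t else size

def fragment_count(packet_len, mtu=1500):
    """Number of IPv4 fragments needed to send packet_len bytes over this MTU."""
    if packet_len <= mtu:
        return 1
    per_fragment = (mtu - OUTER_IP) // 8 * 8  # fragment data is in 8-byte units
    return math.ceil((packet_len - OUTER_IP) / per_fragment)

def max_unfragmented_inner(mtu=1500, nat_t=False):
    """Largest inner packet that still fits in one outer packet."""
    return max(n for n in range(1, mtu + 1) if esp_tunnel_size(n, nat_t) <= mtu)

def wire_time_ms(packet_len, mtu=1500, bps=56_000):
    """Serialization delay, counting the extra IP header on each added fragment."""
    total = packet_len + (fragment_count(packet_len, mtu) - 1) * OUTER_IP
    return total * 8 / bps * 1000

if __name__ == "__main__":
    for inner in (64, 1400, 1438, 1446, 1500):  # constructed sample sizes
        for nat_t in (False, True):
            wire = esp_tunnel_size(inner, nat_t)
            print(f"inner={inner:4d} nat_t={nat_t!s:5} wire={wire:4d} "
                  f"fragments={fragment_count(wire)} "
                  f"time={wire_time_ms(wire):6.1f} ms")
```

Under these assumptions a 1446-byte inner packet fits in one outer packet with plain ESP but splits into two fragments once the NAT-T UDP header is added, and a full-size packet occupies a 56 kbps link for over 200 ms.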