
IP CEF and VPNs.


AM

Apr 11, 2006, 1:14:23 PM
Hello,

I built a VPN, like dozens of others I have done, between a PIX and a Cisco 837/877.
For one of them, users behind it reported that speed was very good except through the VPN. I noticed that as I compared the access time
using the public IP and the loopback interface through the VPN. The first access didn't freeze the router, while the
second made the CPU load go to the maximum.
I sorted the problem out by disabling the CEF feature. But CEF is enabled on all the other routers, which don't give me
trouble.

Does anyone know the reason why CEF could be an obstacle to speed through the VPN?

Thanks a lot.

Alex.

opensource

Apr 11, 2006, 1:47:42 PM

CEF has always been a problem with VPN tunnels. I've had cases where no
traffic would flow or it would be sporadic, like only HTTP would flow.
Either way, I made it a habit of setting the following on an interface
with a crypto map when I run into weird VPN issues.

no ip route-cache
no ip mroute-cache


--
opensource

cisco...@gmail.com

Apr 14, 2006, 2:57:37 PM
Disabling CEF to isolate and debug the problem is a good idea. But
disabling it permanently is usually not a good idea because that might
cause packets to be process switched and that will cause very high CPU
utilization and other consequent problems.

If you do run into a problem that only happens when CEF is enabled, it
is likely a software bug and you should try and upgrade to a later
version that has a fix.

Cisco da Gama
http://ciscostudy.blogspot.com
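
A way to check the process-switching concern raised in the post above: parse IOS `show interfaces stats` output and compute how much of each interface's traffic went through the Processor path. This is an added example, not code from any poster in the thread; the sample output, the interface names and the 50% threshold are constructed assumptions.

```python
import re

# Constructed sample of IOS `show interfaces stats` output (not from the thread).
SAMPLE = """\
Dialer0
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor      91250   61234875      88410   57120033
             Route cache       1200     402113       1100     398200
                   Total      92450   61636988      89510   57518233
Vlan1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor        310      28110        295      30412
             Route cache      88400   57001220      90110   60998731
                   Total      88710   57029330      90405   61029143
"""

# One counter row: path name, then Pkts In, Chars In, Pkts Out, Chars Out.
ROW = re.compile(
    r"^\s+(Processor|Route cache|Distributed cache|Total)"
    r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$"
)


def process_switched_share(text):
    """Return {interface: fraction of packets (in + out) on the Processor path}."""
    counts, iface = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m and iface:
            # Sum inbound and outbound packet counters for this switching path.
            counts[iface][m.group(1)] = int(m.group(2)) + int(m.group(4))
        elif line and not line[0].isspace():
            # An unindented line starts a new interface section.
            iface = line.strip()
            counts[iface] = {}
    shares = {}
    for name, paths in counts.items():
        total = paths.get("Total", 0)
        if total:  # skip interfaces that have carried no packets
            shares[name] = paths.get("Processor", 0) / total
    return shares


def flag_interfaces(text, threshold=0.5):
    """Interfaces whose process-switched share exceeds the (assumed) threshold."""
    return sorted(n for n, s in process_switched_share(text).items() if s > threshold)


if __name__ == "__main__":
    for name, share in process_switched_share(SAMPLE).items():
        print(f"{name}: {share:.1%} process switched")
```

Comparing the share before and after a change such as `no ip route-cache`, alongside `show processes cpu`, shows whether the workaround moved the interface's traffic onto the CPU.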
