It's probably an MTU problem.

I have an IPSec connection being tunneled via GRE, which, in turn, is
tunneled by another IPSec connection. Don't ask why I'm doing this :-) But
we had to set the MTU down to 1320 to prevent fragmentation, and thus
performance, issues.

In your case, you might want to try using the extended ping with the "no
fragment" option to determine which MTU size will work in your situation.

Cheers!

Richarde
"Thomas N." wrote in message news:[EMAIL PROTECTED]...
> Hi All,
>
> I am setting up a site-to-site VPN between 2 LANs using Cisco IOS VPN (Cisco
> 2600 routers).  I could get the tunnel up and running between the two LANs
> with IPSec over GRE so that I can run EIGRP.  Data transfer between 2 LANs
> across the tunnel looks OK, and all dynamic routes learned with EIGRP.
> However, a problem came up when I put a Proxy Server on the first LAN and
> force Internet traffic from workstations from the second LAN to go out with
> this Proxy server.  Workstations from the second LAN could browse Internet
> across the tunnel to reach the Proxy server then hit the Internet; however,
> the performance is very poor (seems like browsing over a 56k modem).  I am
> thinking this may be because of fragmentation on the 2 routers.  Is there
> any workaround for this issue?  If MTU size needs to be adjusted, what
> would be the ideal MTU size for IPSec over GRE tunnel in "tunnel" mode?
> Again, thank you All for the help!
>
> Thomas N.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54639&t=54634
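
Added example, not part of the original posts: the overhead arithmetic behind the MTU question, giving a starting estimate to confirm with the "no fragment" ping described in the reply. It generalizes to any stack of GRE and ESP tunnel-mode layers; the class and function names are hypothetical, and it assumes IPv4 without options, a 4-byte GRE header, CBC-mode ESP, and cipher parameters you supply.

```python
# Added example: largest inner packet that crosses stacked GRE / ESP
# tunnel-mode layers without fragmentation. Names and cipher parameters
# are assumptions, not taken from the thread.
from dataclasses import dataclass

IPV4_HDR = 20   # IPv4 header without options
GRE_HDR = 4     # base GRE header: no key, sequence or checksum fields
ESP_HDR = 8     # SPI + sequence number


@dataclass(frozen=True)
class Gre:
    def wrap(self, size: int) -> int:
        return size + IPV4_HDR + GRE_HDR


@dataclass(frozen=True)
class EspTunnel:
    block: int  # cipher block size in bytes (8 for 3DES-CBC, 16 for AES-CBC)
    iv: int     # IV length in bytes
    icv: int    # truncated auth tag (12 for HMAC-SHA1-96 / HMAC-MD5-96)

    def wrap(self, size: int) -> int:
        # Encrypted part = inner packet + padding + pad-length + next-header,
        # rounded up to a whole number of cipher blocks.
        padded = -(-(size + 2) // self.block) * self.block
        return IPV4_HDR + ESP_HDR + self.iv + padded + self.icv


def wire_size(inner: int, layers) -> int:
    """Size on the wire after applying layers, innermost first."""
    for layer in layers:
        inner = layer.wrap(inner)
    return inner


def max_inner_mtu(path_mtu: int, layers) -> int:
    """Largest inner packet whose fully wrapped size fits in path_mtu."""
    if wire_size(0, layers) > path_mtu:
        raise ValueError("encapsulation overhead alone exceeds the path MTU")
    lo, hi = 0, path_mtu
    while lo < hi:  # wire_size never decreases, so binary search is valid
        mid = (lo + hi + 1) // 2
        if wire_size(mid, layers) <= path_mtu:
            lo = mid
        else:
            hi = mid - 1
    return lo
```

With a 1500-byte path and 3DES-CBC plus a 96-bit HMAC, `max_inner_mtu(1500, [Gre(), EspTunnel(8, 8, 12)])` gives 1422 for GRE protected by one ESP tunnel; links with a smaller path MTU need the figure recomputed from their real value.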