1. Home
  2. Cisco Systems
  3. IP CEF and VPNs.

IP CEF and VPNs.

Hello,

I built a VPN like other dozens I did between a PIX and Cisco 837/877. For one of them users behind reported that speed was very good but the VPN. I noticed that as I compared the access time using the public IP and the loopback interface through the VPN. The first access didn't freeze the router while the second made the CPU load go to the maximum. I sorted the problem out disabling the CEF feature. But CEF is enabled on all the other router which don't bring me troubles.

Does anyone know the reason why CEF could be an obstacle to speed through the VPN?

Thanks a lot?

Alex.

Reply to
AM
Loading thread data ...

Cef has always been a problem with VPN tunnels. I've had cases where no traffic would flow or it would be sporadic like only http would flow. Either way, I made it a habit of setting the following on an interface with a crypto map when I run into weird vpn issues.

No ip route-cache no ip mroute-cache

Reply to
opensource

Disabling CEF to isolate and debug the problem is a good idea. But disabling it permanently is usually not a good idea because that might cause packets to be process switched and that will cause very high cpu utilization and other consequent problems.

If you do run into a problem that only happens when CEF is enabled, it is likely a software bug and you should try and upgrade to a later version that has a fix.

Cisco da Gama

formatting link

Reply to
ciscodagama

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.