I ran into an issue recently involving a remote VPN site dropping about 40% - 50% of the packets sent to the main site.  

I had to turn off Cisco Express Forwarding using the command “no ip cef” command in the remote site router to resolve the issue.

Cisco Express Forwarding (CEF) is normally enabled to improve performance on the device making routing decisions.  However since it uses a separate table called the Forwarding Information Base vs. using the routing table of the router, there can be inconsistencies in table entries, especially when IPSEC encryption is involved.

Tags: CEF, Dropped Packets, IPSEC, Packet Loss, VPN