Solved

VPN Communication unreliable

Posted on 2004-03-24
Last Modified: 2012-06-27
Hi,

I have 6 remote sites each with 5 - 7 PC's and 3 - 4 printers using JetDirect devices. Each site has static IP's and accesses the internet with its own DSL (SBC) at its respective site. Each site has Nokia IP30's (with Check Point) to access via VPN the main (7th) site. The main site has a Check Point 225U device which is connected to a T1 (running only 768 for data). The T1 is supplied by TDS Metrocom. The remote sites access the main site to log in to a Windows 2000 network running Active Directory and to access an IBM AIX box (using MultiView 2000). All PC's at all sites are running XP Pro with at least SP1 on them.
The remote sites need access to the main site for email (Exchange - let's call it Exchange); files (let's call it FS1) and the AIX box. All sites communicate via TCP/IP. The main site is using DHCP. All remote sites have the IP addresses of the 2 servers in their HOSTS file.
The issue we are having is unreliable communications between the remote sites and the main site. Login to the domain is usually OK but Outlook access to the Exchange box is unreliable. Sometimes it is OK but others it gives "Exchange cannot be found: Retry, Work Offline or Cancel". If you hit Retry 3 - 4 times, sometimes it connects.
Also, maybe unrelated, the Telnet software (MultiView2000) just stops responding. There could be days where the software loses connection every hour or so.
The DSL speed at all but 2 sites is around 1.2 to 1.5 MBS while the 2 slow sites are around 384 K (since they are so far away).
I set the MTU's on the PC's at 2 sites to test - does seem to make much difference.
Any ideas on how to improve this situation?

Thank You
Question by:jpoole_007
4 Comments
 
LVL 5

Assisted Solution

by:mrpez1
mrpez1 earned 250 total points
ID: 10673138
I'm not familiar with the Nokia IP30 but it must have a log.... Can you see the tunnels going up and down? What are the Security Associations' life spans? If they're really short that might be your issue as the tunnels are constantly renegotiating.

If not, I'd look for packet loss. Are all the remote sites having these difficulties equally? If so, I'd check out the T1, then the different offices' routes to the T1.

Author Comment

by:jpoole_007
ID: 10680366
Thanks MRPEZ1,

I will check the T1 as the sites do seem to be similar.  Since I'm a VPN newbie, I haven't seen any settings for IPSEC timing configurations (your reference to Security Associations).  I will continue to examine this as well.
I will be checking on these things this afternoon.

LVL 37

Accepted Solution

by:
bbao earned 250 total points
ID: 10683622
have you tried changing VPN gateway's MTU settings?
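
Added example (not part of the thread or any poster's code): the MTU question above comes down to how much room IPsec ESP tunnel-mode encapsulation takes out of each packet. The sketch computes the on-wire size of an encapsulated packet, the largest inner packet that still fits a given link MTU, and the matching TCP MSS. The link MTUs (1500, and 1492 as on a PPPoE line) and the cipher/authentication pairs are assumptions; the thread does not say what these sites used.

```python
# Added example: ESP tunnel-mode overhead and the resulting inner MTU / TCP MSS.
# Link MTUs and cipher choices used below are assumptions, not values from the thread.

IP_HDR = 20        # outer IPv4 header, no options
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)
NATT_UDP = 8       # UDP encapsulation header when NAT traversal is in use
TCP_HDR = 20       # TCP header without options

# name -> (IV bytes, cipher block bytes) for CBC-mode ciphers
CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}
# name -> truncated ICV bytes
AUTHS = {"hmac-md5-96": 12, "hmac-sha1-96": 12}


def esp_packet_size(inner_len, cipher, auth, nat_t=False):
    """On-wire size of an ESP tunnel-mode packet carrying inner_len bytes."""
    iv, block = CIPHERS[cipher]
    # Inner packet plus trailer is padded up to a multiple of the block size.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    size = IP_HDR + ESP_HDR + iv + padded + AUTHS[auth]
    return size + (NATT_UDP if nat_t else 0)


def max_inner_mtu(link_mtu, cipher, auth, nat_t=False):
    """Largest inner IP packet that crosses link_mtu without fragmentation."""
    for inner in range(link_mtu, 0, -1):
        if esp_packet_size(inner, cipher, auth, nat_t) <= link_mtu:
            return inner
    raise ValueError("link MTU too small for ESP overhead")


def tcp_mss(inner_mtu):
    """TCP MSS that keeps a full segment inside inner_mtu (IPv4, no options)."""
    return inner_mtu - IP_HDR - TCP_HDR


if __name__ == "__main__":
    for link, cipher in ((1500, "3des-cbc"), (1492, "aes-cbc")):
        inner = max_inner_mtu(link, cipher, "hmac-sha1-96")
        print(f"link {link} {cipher}: inner MTU {inner}, MSS {tcp_mss(inner)}, "
              f"a 1500-byte packet becomes "
              f"{esp_packet_size(1500, cipher, 'hmac-sha1-96')} bytes")
```

A full 1500-byte packet from a PC grows past the link MTU once encapsulated, so it is either fragmented or, with the don't-fragment bit set, dropped; lowering the gateway MTU or clamping the MSS to the computed values avoids that.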

Author Comment

by:jpoole_007
ID: 10892388
I am splitting the points between bbao and mrpez1 since both were right. We ended up removing TDS Metrocom Xdata and replacing it with TDS Metrocom T1. Also, we had SOHO engineers on it along with Nokia engineers. The SOHO people (from Israel) had to make some modifications to the 225U box including MTU settings. It didn't work right away but after rebooting the remote sites, it seems to be much more stable than before. I won't hold my breath for at least another week though :)

Thank you both for your time and input
Sorry for the delay in getting back to you with points as I have been losing my mind with this issue; an issue that was easily implemented at other clients.

Jim