Jim Poole
asked on
VPN Communication unreliable
Hi,
I have 6 remote sites each with 5 - 7 PC's and 3 - 4 printers using JetDirect devices. Each site has static IP's and accessing the internet with their own DSL (SBC) at their respective sites. Each site has Nokia IP30's (with Check Point) to access via VPN the main (7th) site. The main site has a Check Point 225U device which is connected to a T1 (running only 768 for data). The T1 is supplied by TDS Metrocom. The remote sites access the main site to login to a Windows 2000 network running active directory and to access an IBM AIX box (using MultiView 2000). All PC's at all sites are running XP Pro with at least SP1 on them.
The remote sites need access to the main site for email (Exchange - lets call it Exchange); files (lets call it FS1) and the AIX box. All sites communicate via TCPIP. The main site is using DHCP. All remote sites have the IP address of the 2 servers in their HOSTS file.
The issue were are having is unreliable communications between the remote sites and the main site. Login to the domain is usually OK but Outlook access to the Exchange box is unreliable. Sometimes it is ok but others it gives Exchange cannot be found Retry, Work Offline or Cancel. If you hit Retry 3 - 4 times, sometimes is connects.
Also, maybe unrelated, is the Telnet software (MultiView2000) just stops repsonding. There could be days where the software loosed connection every hour or so.
The DSL speed at all but 2 sites is around 1.2 to 1.5 MBS while the 2 slow sites are around 384 K (since they are so far away).
I set the MTU's on the PC's at 2 sites to test - does seem to make much difference.
Any ideas on how to improve this situation?
Thank You
I have 6 remote sites each with 5 - 7 PC's and 3 - 4 printers using JetDirect devices. Each site has static IP's and accessing the internet with their own DSL (SBC) at their respective sites. Each site has Nokia IP30's (with Check Point) to access via VPN the main (7th) site. The main site has a Check Point 225U device which is connected to a T1 (running only 768 for data). The T1 is supplied by TDS Metrocom. The remote sites access the main site to login to a Windows 2000 network running active directory and to access an IBM AIX box (using MultiView 2000). All PC's at all sites are running XP Pro with at least SP1 on them.
The remote sites need access to the main site for email (Exchange - lets call it Exchange); files (lets call it FS1) and the AIX box. All sites communicate via TCPIP. The main site is using DHCP. All remote sites have the IP address of the 2 servers in their HOSTS file.
The issue were are having is unreliable communications between the remote sites and the main site. Login to the domain is usually OK but Outlook access to the Exchange box is unreliable. Sometimes it is ok but others it gives Exchange cannot be found Retry, Work Offline or Cancel. If you hit Retry 3 - 4 times, sometimes is connects.
Also, maybe unrelated, is the Telnet software (MultiView2000) just stops repsonding. There could be days where the software loosed connection every hour or so.
The DSL speed at all but 2 sites is around 1.2 to 1.5 MBS while the 2 slow sites are around 384 K (since they are so far away).
I set the MTU's on the PC's at 2 sites to test - does seem to make much difference.
Any ideas on how to improve this situation?
Thank You
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am splitting the points between the bbao amd MPREZ1 since both were right. We ended up removing TDS Metrocom Xdata and replaced it with TDS Metrocom T1. Also, we had SOHO engineers on it along with Nokia engineers. The SOHO people (from Isreal) had to make some modifications to the 225U box including MTU settings. It didn't work right away but after rebooting the remote sites, it seems to be much more stable than before. I won't hold my breath for at least another week though:)
Thank you both for your time and input
Sorry for the delay in getting back to you with points as I have been loosing my mind with this issue; an issue that was easily implemented at other clients.
Jim
Thank you both for your time and input
Sorry for the delay in getting back to you with points as I have been loosing my mind with this issue; an issue that was easily implemented at other clients.
Jim
ASKER
I will check the T1 as the sites do seem to be similar. Since I'm a VPN newbie, I haven't seen any settings for IPSEC timing configurations (your reference to Security Associations). I will continue to examine this as well.
I will be checking on these things this afternoon.