• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 318
  • Last Modified:

VPN Communication unreliable

Hi,

I have 6 remote sites each with 5 - 7 PC's and 3 - 4 printers using JetDirect devices.  Each site has static IP's and accessing the internet with their own DSL (SBC) at their respective sites.  Each site has Nokia IP30's (with Check Point) to access via VPN the main (7th) site.  The main site has a Check Point 225U device which is connected to a T1 (running only 768 for data).  The T1 is supplied by TDS Metrocom.  The remote sites access the main site to login to a Windows 2000 network running active directory and to access an IBM AIX box (using MultiView 2000).  All PC's at all sites are running XP Pro with at least SP1 on them.  
The remote sites need access to the main site for email (Exchange - lets call it Exchange); files (lets call it FS1) and the AIX box.  All sites communicate via TCPIP.  The main site is using DHCP.  All remote sites have the IP address of the 2 servers in their HOSTS file.
The issue were are having is unreliable communications between the remote sites and the main site.  Login to the domain is usually OK but Outlook access to the Exchange box is unreliable.  Sometimes it is ok but others it gives Exchange cannot be found Retry, Work Offline or Cancel.  If you hit Retry 3 - 4 times, sometimes is connects.  
Also, maybe unrelated, is the Telnet software (MultiView2000) just stops repsonding.  There could be days where the software loosed connection every hour or so.
The DSL speed at all but 2 sites is around 1.2 to 1.5 MBS while the 2 slow sites are around 384 K (since they are so far away).
I set the MTU's on the PC's at 2 sites to test - does seem to make much difference.
Any ideas on how to improve this situation?

Thank You
0
jpoole_007
Asked:
jpoole_007
  • 2
2 Solutions
 
mrpez1Commented:
I'm not familiar with the Nokia IP30 but it must have a log.... Can you see the tunnels going up and down? What are the Security Associations' life spans? If they're really short that might be your issue as the tunnels are constantly renegotiating.

If not, I'd look for packet loss. Are all the remote sites having these difficulities equally? If so, I'd check out  the T1 then the different offices' routes to the T1.
0
 
jpoole_007ConsultantAuthor Commented:
Thanks MRPEZ1,

I will check the T1 as the sites do seem to be similar.  Since I'm a VPN newbie, I haven't seen any settings for IPSEC timing configurations (your reference to Security Associations).  I will continue to examine this as well.
I will be checking on these things this afternoon.

0
 
bbaoIT ConsultantCommented:
have you tried changing VPN gateway's MTU settings?
0
 
jpoole_007ConsultantAuthor Commented:
I am splitting the points between the bbao amd MPREZ1 since both were right.  We ended up removing TDS Metrocom Xdata and replaced it with TDS Metrocom T1.  Also, we had SOHO engineers on it along with Nokia engineers.  The SOHO people (from Isreal) had to make some modifications to the 225U box including MTU settings.  It didn't work right away but after rebooting the remote sites, it seems to be much more stable than before.  I won't hold my breath for at least another week though:)

Thank you both for your time and input
Sorry for the delay in getting back to you with points as I have been loosing my mind with this issue; an issue that was easily implemented at other clients.

Jim
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now