Solved

VPN Communication unreliable

Posted on 2004-03-24
4
305 Views
Last Modified: 2012-06-27
Hi,

I have 6 remote sites each with 5 - 7 PC's and 3 - 4 printers using JetDirect devices.  Each site has static IP's and accessing the internet with their own DSL (SBC) at their respective sites.  Each site has Nokia IP30's (with Check Point) to access via VPN the main (7th) site.  The main site has a Check Point 225U device which is connected to a T1 (running only 768 for data).  The T1 is supplied by TDS Metrocom.  The remote sites access the main site to login to a Windows 2000 network running active directory and to access an IBM AIX box (using MultiView 2000).  All PC's at all sites are running XP Pro with at least SP1 on them.  
The remote sites need access to the main site for email (Exchange - lets call it Exchange); files (lets call it FS1) and the AIX box.  All sites communicate via TCPIP.  The main site is using DHCP.  All remote sites have the IP address of the 2 servers in their HOSTS file.
The issue were are having is unreliable communications between the remote sites and the main site.  Login to the domain is usually OK but Outlook access to the Exchange box is unreliable.  Sometimes it is ok but others it gives Exchange cannot be found Retry, Work Offline or Cancel.  If you hit Retry 3 - 4 times, sometimes is connects.  
Also, maybe unrelated, is the Telnet software (MultiView2000) just stops repsonding.  There could be days where the software loosed connection every hour or so.
The DSL speed at all but 2 sites is around 1.2 to 1.5 MBS while the 2 slow sites are around 384 K (since they are so far away).
I set the MTU's on the PC's at 2 sites to test - does seem to make much difference.
Any ideas on how to improve this situation?

Thank You
0
Comment
Question by:jpoole_007
  • 2
4 Comments
 
LVL 5

Assisted Solution

by:mrpez1
mrpez1 earned 250 total points
ID: 10673138
I'm not familiar with the Nokia IP30 but it must have a log.... Can you see the tunnels going up and down? What are the Security Associations' life spans? If they're really short that might be your issue as the tunnels are constantly renegotiating.

If not, I'd look for packet loss. Are all the remote sites having these difficulities equally? If so, I'd check out  the T1 then the different offices' routes to the T1.
0
 

Author Comment

by:jpoole_007
ID: 10680366
Thanks MRPEZ1,

I will check the T1 as the sites do seem to be similar.  Since I'm a VPN newbie, I haven't seen any settings for IPSEC timing configurations (your reference to Security Associations).  I will continue to examine this as well.
I will be checking on these things this afternoon.

0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 250 total points
ID: 10683622
have you tried changing VPN gateway's MTU settings?
0
 

Author Comment

by:jpoole_007
ID: 10892388
I am splitting the points between the bbao amd MPREZ1 since both were right.  We ended up removing TDS Metrocom Xdata and replaced it with TDS Metrocom T1.  Also, we had SOHO engineers on it along with Nokia engineers.  The SOHO people (from Isreal) had to make some modifications to the 225U box including MTU settings.  It didn't work right away but after rebooting the remote sites, it seems to be much more stable than before.  I won't hold my breath for at least another week though:)

Thank you both for your time and input
Sorry for the delay in getting back to you with points as I have been loosing my mind with this issue; an issue that was easily implemented at other clients.

Jim
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
new to networking configuration 6 31
SSL RA VPN 7 75
Nexus OS - OSPF Command 3 30
Trying to make SNMP connection work 7 41
I was recently sitting at a desk at work with one of my colleagues and needed some information on my home computer. He watched as I turned on my home computer, established a remote session into it, got the information I needed and then shut it down …
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now