Link to home
Create AccountLog in
Avatar of it2gostl
it2gostl

asked on

PIX 506 to PIX 501 VPN - Performance problems with Exchange Server 2003

I have a PIX 506 to PIX 501 VPN running between a home and branch office. Branch office connects to home office Exchange server for email, using exchange client for full functionality. This usually works well but sometimes there are problems I cannot explain (dropped connects, mail stuck in outbox, won't send) and I was wondering if anyone could offer any suggestions as to wether or not some of the default 'timeout' commands are responsible for this (ie during heavy traffic the exchange connection is first to go, large emails stick in outbox won't transmit, etc).

Also, my maximum xlates are frequently in the 150+ range, might this be a problem?

Any feedback appreciated. Here's my timeout settings:

timeout xlate 0:05:00
timeout conn 20:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute

Thanks!
Avatar of Les Moore
Les Moore
Flag of United States of America image

What else is connected at the 501 end? DSL router/modem? If yes, then it could well be a MTU issue.
You might want to set MaxMTU on the server to 1300, or set MaxMTU on the workstation to 1300, or set the MTU on the PIX501 outside to 1492
ASKER CERTIFIED SOLUTION
Avatar of Les Moore
Les Moore
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer