Re: Very slow NetScreen Remote to 5XP over Internet via DSL
From: Bill Williamson (wwilliam@ma.ultranet.com)Date: 02/15/02
- Next message: dr.emailposter: "Re: red text"
- Previous message: Yan Roosens: "Re: 2 records found for the same IP address on www.ripe.net"
- In reply to: Robert Mortimer: "Re: Very slow NetScreen Remote to 5XP over Internet via DSL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: wwilliam@ma.ultranet.com (Bill Williamson) Date: 15 Feb 2002 13:49:05 -0800
Robert Mortimer <robm@bob.bofh.org> wrote in message news:<slrna6oh60.jbl.robm@bob.bob.bofh.org>...
> [snip]
> >[WW] I've set it up with an AutoKey Ike and can ping to various locations
> > on a 192.168.x.x LAN, and can map to a network share and even use
> > Outlook to an exchange server on the LAN.
>
> [RM] Most of the hardworks done, what sort of ping response times are you
> getting? Also if you look at the logging for both netscreen remote
> and the 5XP are there any time outs in the session negotiation?
> >>
[WW] Logs are pretty clear, occasionally there will be a "message not
received, retransmitting..." I've been seeing this as due to delay.
Ping response times from here to the 5xp untrusted interface at the
LAN range from 150ms to 250ms. From here to my firewall they are
10ms, from here to my ISP gateway they are 32ms.
> [RM] The obvious thing to do is do a traceroute to the external interface
> of the 5XP, from the Win 2K box, might be worth just pinging that as
> well. That should give you an idea of what the network's doing outside
> of the VPN session.
[WW} Good idea.... Here is an interesting result over the
tunnel...
C:\>tracert 192.168.0.1
Tracing route to 192.168.0.1 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 297 ms 437 ms 438 ms 192.168.0.1
Trace complete.
C:\>
>
> [RM] Also do you have time/data limits on the session? Is the session
> timing out and restarting. Is the 5XP unlimted? If not how many other
> sessions tend to be active at anyone time, could you be reaching the
> session limit and waiting for that to time out?
[WW] At the moment I only have two sessions going. Symptoms are the
same with just one session from here. Logs at the remote seem okay,
logs at the 5XP aren't set up for Traffic, Self Log. No Device reset
entries. Active users showed 8 incoming sessions from the server's
IP, I bumped them off which didn't seem to change anything. Event log
showed the 5xp system clock being updated from the server, my login
for web management of the 5XP.
The search goes on...
- Next message: dr.emailposter: "Re: red text"
- Previous message: Yan Roosens: "Re: 2 records found for the same IP address on www.ripe.net"
- In reply to: Robert Mortimer: "Re: Very slow NetScreen Remote to 5XP over Internet via DSL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
