SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Juniper SRX240 loss some packet throught VPN

    Posted 07-18-2012 13:05
      |   view attached

    Hi all.

     

    I have a problem with a regular loss of packets through the policy-based VPN channel between SRX240 and CISCO PIX515.

    Disappears about every 20thping. A delay-sensitive applications freeze (RDP client reconnects every 20 seconds). At the same time, packets go to the Internet without loss, ie the problem is with traffic factors through VPN.

     

    If instead SRX240 i use CISCO 506, no problem with channel. I think Juniper are the reason .

     

    ike sessions created and recreated by timeout sucessfully, ipsec too. Command show security ipsec statistics don't show any errors.

     

    please tell me how to diagnose the problem. What logs to watch, debug what to watch in first order?

     

    Sorry for poor english.

    Attachment(s)

    txt
    jun_trest_for_pub.txt   9 KB 1 version


  • 2.  RE: Juniper SRX240 loss some packet throught VPN
    Best Answer

    Posted 07-18-2012 15:13

    Is the encapsulation on the WAN link different when you use the Cisco? Periodic packet loss is often a L1/L2 problem. 



  • 3.  RE: Juniper SRX240 loss some packet throught VPN

    Posted 07-19-2012 01:30

    You should rule out any fragmentation and possible packet loss. Try lowering the TCP-MSS

     

    user@host#set security flow tcp-mss all-tcp mss 1350
user@host#commit

     



  • 4.  RE: Juniper SRX240 loss some packet throught VPN

    Posted 07-22-2012 23:37

    Thanks all for answers!

     

    Recent tests showed that I was not properly formulated the problem. I will discribe the problem in new topic.