ScreenOS Firewalls (NOT SRX)
Reply
Contributor
MJobay
Posts: 37
Registered: ‎01-29-2009
0

Packet Drops On The VPN Connection

Hi Friends,

 

  We have a VPN tunnel between Juniper SSG-550M and SSG-5.

The SSG-550M is located in the Data Center and the SSG-5 is located at the remote office.

 

Users in the remote office started to access the new Exchange server in the data center, and some are

complaining that email is freezing during the day.

 

While testing I noticed that there are packet drops on the VPN tunnel when performing contiguous ping from the 

remote office to the exchange server in the data center.

 

i'm not sure if we need to tune the MTU size on both ends, or increase the internet bandwidth, can you please advise.

 

Thanks in advance.

 

 

Trusted Contributor
Gavrilo
Posts: 279
Registered: ‎07-14-2008
0

Re: Packet Drops On The VPN Connection

Hi,

 

If your problem is related to windows scaling you can set your MTU to 1500 on the servers and also set MSS to about 1300 but first check Path MTU Discovery is enabled both ends of the link (On both Firewalls).

 

 

Regards

 

Gavrilo

Contributor
johnlee@mol.com
Posts: 106
Registered: ‎06-24-2010
0

Re: Packet Drops On The VPN Connection

How to check if path MTU discovery enabled? there is 0 bytes in interface there.

Contributor
MJobay
Posts: 37
Registered: ‎01-29-2009
0

Re: Packet Drops On The VPN Connection

Actually, we were undersized. The ISP circuit was running at 100M while the SSG5 maximum throughput on the

VPN tunnel was around 40M.

We upgraded to SSG320M, and the packet drop issue was resolved.

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.