ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Packet Drops On The VPN Connection

05.04.11   |  
‎05-04-2011 09:51 PM

Hi Friends,

 

  We have a VPN tunnel between Juniper SSG-550M and SSG-5.

The SSG-550M is located in the Data Center and the SSG-5 is located at the remote office.

 

Users in the remote office started to access the new Exchange server in the data center, and some are

complaining that email is freezing during the day.

 

While testing I noticed that there are packet drops on the VPN tunnel when performing contiguous ping from the 

remote office to the exchange server in the data center.

 

i'm not sure if we need to tune the MTU size on both ends, or increase the internet bandwidth, can you please advise.

 

Thanks in advance.

 

 

3 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Packet Drops On The VPN Connection

05.05.11   |  
‎05-05-2011 06:03 AM

Hi,

 

If your problem is related to windows scaling you can set your MTU to 1500 on the servers and also set MSS to about 1300 but first check Path MTU Discovery is enabled both ends of the link (On both Firewalls).

 

 

Regards

 

Gavrilo

ScreenOS Firewalls (NOT SRX)

Re: Packet Drops On The VPN Connection

05.17.11   |  
‎05-17-2011 08:51 PM

How to check if path MTU discovery enabled? there is 0 bytes in interface there.

ScreenOS Firewalls (NOT SRX)

Re: Packet Drops On The VPN Connection

06.16.11   |  
‎06-16-2011 07:55 PM

Actually, we were undersized. The ISP circuit was running at 100M while the SSG5 maximum throughput on the

VPN tunnel was around 40M.

We upgraded to SSG320M, and the packet drop issue was resolved.