Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Strange connection issues through VPN

Status
Not open for further replies.
MarkhP

MarkhP

MIS
Apr 24, 2002
258
GB
Anyone offer some suggestion on this?
Have a Netscreen5 in Germany and Netscreen10 in UK. VPN configured between the two. No restrictive policies are in place for internal traffic between UK&Germany.

UK to Germany and vice-verse ping responds fine through VPN.Web browsing at both ends is fine.
UKPC can connect via VPN to German NS5 and administer with HTTP. UKPC can connect to GermanPC using NetSupport to take control of the GermanPC (PCAnywhere type app). Connection is lost if file transfer between the two pc's is attempted with Netsupport.

GermanPC can connect to NS10 in UK and administer using HTTP. GermanPC cannot get a page from Web server (IIS) or access Lotus Notes (both Windows2000 on UK network) via VPN.

UKPC can bring up web page from networked German HP Printer.
UK servers cannot print to German printer via IP.

Final weirdness is that Windows XP laptop users in Germany are able to connect over VPN to UK with no problem. The German pc's that are Windows 98 are having the problem getting into the UK network.
Nothing I can think of has changed at either firewall and the link had been working for months previously.
 
Sort by date Sort by votes
Have you tried the following commands on both netscreens.

NS>set flow tcp-mss 1340
NS>set flow path-mtu

they are specific to tunnel traffic only and reduce packet size and negate df bits set in the ip header respectively.

Regards

Njetscreamer
 
Upvote 0 Downvote
Thanks for the feedback. Sorry I didnt get back to update this. After some further testing this week (you were right on track) it was found that the ISP had changed the config of the SDSL device in Germany which reduced the MTU size.

Thanks Njetscreamer
 
Upvote 0 Downvote
No worries,

glad its all up and working.

Don't find the time these days to post much here, too many configs to debug :(

Regards

Njetscreamer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
825
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
337
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
982
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
262
WhosYourDiffie
WhosYourDiffie
Garbear
  • Locked
  • Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
219
Garbear
Garbear

Part and Inventory Search

Sponsor

Back
Top