VPN-1 Edge Latency Problem
Dan Ingling
2004-11-11 11:32:32 UTC
My government agency has been working on a Checkpoint FW-1 deployment
that involves 35+ remote sites with Sofaware VPN-1 Edge devices.
These sites have broadband Internet via either DSL or Cable, and are
linked back to the FW-1 with an AES/SHA-1 tunnel. The pipe at the main
site where the FW-1 sits is a DS3 with 10Mbs. Here's the issue. We
see problems with domain logon and accessing shared resources from
time to time. Originally, it was thought to be a DNS issue, but we
have found a consistent latency issue at the sites. Pinging a host on
the WAN from any PC at a site produces a time-out or 3000-4500ms
response on the first reply, and the next three are normal 20-30ms.
Ping again right after and all four are normal. If you wait exactly
30secs and ping the second time, back to a long delay or no response
on the first ping. The tunnel is always up from what we can see. Any
thoughts on what might be happening on this 30-second interval that
causes the initial latency? Note that if you establish a connection to
a remote device that produces regular bi-directional traffic, you
STILL see the latency issue on the first attempt to connect from the
same PC. Help.

Dan Ingling
County of Burlington, NJ
Chris
2004-11-11 17:28:19 UTC
Post by Dan Ingling
My government agency has been working on a Checkpoint FW-1 deployment
that involves 35+ remote sites with Sofaware VPN-1 Edge devices.
These sites have broadband Internet via either DSL or Cable, and are
linked back to the FW-1 with an AES/SHA-1 tunnel. The pipe at the main
site where the FW-1 sits is a DS3 with 10Mbs. Here's the issue. We
see problems with domain logon and accessing shared resources from
time to time. Originally, it was thought to be a DNS issue, but we
have found a consistent latency issue at the sites. Pinging a host on
the WAN from any PC at a site produces a time-out or 3000-4500ms
response on the first reply, and the next three are normal 20-30ms.
Ping again right after and all four are normal. If you wait exactly
30secs and ping the second time, back to a long delay or no response
on the first ping. The tunnel is always up from what we can see. Any
thoughts on what might be happening on this 30-second interval that
causes the initial latency? Note that if you establish a connection to
a remote device that produces regular bi-directional traffic, you
STILL see the latency issue on the first attempt to connect from the
same PC. Help.
Dan Ingling
County of Burlington, NJ
We have had exactly the same problem. This should be fixed in firmware
version 4.5.57.

http://sofaware.infopop.cc/eve/ubb.x?a=tpc&s=5006072361&f=5306072361&m=9671013161

Chris.
