I've recently been doing some research trying to isolate a problem with a clients multiple Linux-based IPSec VPNs running through consumer-grade ADSL routers.
(I would guess that your Safenet/Netscreen devices are using some form of IPSec VPN).
My findings were unusual; the more recent the model of ADSL router used, the more unreliable the VPNs became when under load.
For me, this was only the case when running multiple VPNs.
Older model ADSL routers performed admirably (the Nokia M1122 was fantastic) while later model ADSL routers ranged from some models reliably crashing after 30 seconds of load to other models seeming ok on the bench but performing very badly in the field. Some brands actually got worse with more recent firmware upgrades or chipsets.
Some googling revealed that there may be problems routing ESP traffic for multiple IPSec VPNs through cheaper, less well engineered ADSL >routers.
I am guessing that modern consumer grade ADSL routers fall into the "less well engineered than they used to be" category.
Its just barely possible that this also applies to the hardware used in the exchanges and ISPs.
Just a guess.
For what its worth, we are moving away from IPSec to openvpn. Unfortunately, once you've bought into a hardware VPN solution, it becomes somewhat harder to make that sort of change...
Thanks Steve, We have noticed the same thing, we have been using Dynalink RTA300's with no problems. However the RTA770's that replaced them used a completely different chipset and we ran into the same issues you discribed. We have ever since trying to find a good modem to replace it. We have also contacted Dynalink to try to resolve the problem, they have been helpful but there weren't a whole lot they can really do. Re other types of VPN, we have been looking at other solutions as well. Something along the lines of SSH. Has anyone used any sorts of software based SSH VPN products? Cheers