Thanks Tracy, Yes the MTU size could very well be the issue. Just as of Friday, the VPN's came up again through no apprent reason. I have confirmed thru trial that the max MTU size I can put thru the DSL link is 1418 bytes. I'll just have to wait till the VPN's drop again to do the MTU test. Hopefully it'll point to something. Cheers -----Original Message----- From: Tracy Briscoe [mailto:tbriscoe(a)clear.net.nz] Sent: Friday, 17 June 2005 10:05 p.m. To: 'Felix Tsang' Subject: RE: [nznog] Help requested - Netscreen IP Sec VPN over DSL Hi Felix Have you looked at using the 'set flow tcp-mss' on the Netscreen? (http://www.qorbit.net/nn/Dec-2002/0254.html gives some details). We had the problem where a client could access their LAN ok via a dialup connection, but as soon as they started using mobile jetstream, things just broke. If I remember correctly set flow tcp-mss or set flow tcp-mss 1300 was the fix. The client has a Netscreen 5 with a Speed Touch Pro ADSL router, then is using Netscreen remote as the VPN client (Rebadged Safenet VPN client). -Tracy B