Re: [nznog] Help requested - Netscreen IP Sec VPN over DSL
I used to be Netscreen support for Renaissance NZ and while I saw a few strange issues I never saw a problem with IPSEC VPNs specifically over ADSL.

Without knowing where the device in question was sourced from, I can't be totally specific, but assuming it was purchased through a NZ retailer / SI / Supplier, You should get in touch with them - and if you have no luck, phone Lan1 or Renaissance.

Remember that the suppliers generally only provide support to resellers, but they both have some talented people that might help you out - I know both have operated some form of professional services department at some point.

I'd echo Steve's general thoughts that it's more likely to be a router issue than an ADSL issue (unless you're trying to do something over PON or whatever Telecom call that now).

Best of luck.

N.

Neil Gardner
Product Manager - Product Line Management
Allied Telesyn Research Ltd New Zealand
+64 3 339-9509 (ph)
+64 3 339-3001 (fax)
Steve Wray 20/06/2005 8:00 a.m. >>>

Felix Tsang wrote:

Can anyone please give me a pointer as to why I am having big problems with using a Safenet VPN client (connecting to) -> Netscreen VPN/FW appliance via Jetstart / UBS / Jetstream ? This is happening on multiple disassociated / unrelated networks.

I am using mostly Dynalink RTA300 DSL Modems, and Netscreen 5XT / GT boxes. I believe it is something to do with the NZ DSL network as this type of VPN setup has worked well for over 1/2 years until it started to become more and more unreliable. Can anyone help or suggest a solution?

I've recently been doing some research trying to isolate a problem with a client's multiple Linux-based IPSec VPNs running through consumer-grade ADSL routers.

(I would guess that your Safenet/Netscreen devices are using some form of IPSec VPN).

My findings were unusual; the more recent the model of ADSL router used, the more unreliable the VPNs became when under load.

For me, this was only the case when running multiple VPNs.

Older model ADSL routers performed admirably (the Nokia M1122 was fantastic) while later model ADSL routers ranged from some models reliably crashing after 30 seconds of load to other models seeming ok on the bench but performing very badly in the field. Some brands actually got worse with more recent firmware upgrades or chipsets.

Some googling revealed that there may be problems routing ESP traffic for multiple IPSec VPNs through cheaper, less well engineered ADSL routers.

I am guessing that modern consumer grade ADSL routers fall into the "less well engineered than they used to be" category.

It's just barely possible that this also applies to the hardware used in the exchanges and ISPs.

Just a guess.

For what it's worth, we are moving away from IPSec to openvpn. Unfortunately, once you've bought into a hardware VPN solution, it becomes somewhat harder to make that sort of change...

_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog

NOTICE: This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify Allied Telesyn Research Ltd immediately.
Any views expressed in this message are those of the individual sender, except where the sender has the authority to issue and specifically states them to be the views of Allied Telesyn Research.
I've also had trouble with VPNs and anything that has a consistently high throughput. Seems that any cheap consumer/soho grade router bombs after a few days. Seems to be that most routers in the sub $200 category do this.

The only exception seems to be the Zyxel Prestige Series.... so if we have this problem and the customer is price sensitive we use Zyxel now... if not then Cisco or some other mid range router.

cheers,
Bill

PS: I've seen this on DSL, Wireless (5.8 & 2.4) and LANs

neil gardner wrote:
I used to be Netscreen support for Renaissance NZ and while I saw a few strange issues I never saw a problem with IPSEC VPNs specifically over ADSL.
Without knowing where the device in question was sourced from, I can't be totally specific, but assuming it was purchased through a NZ retailer / SI / Supplier, You should get in touch with them - and if you have no luck, phone Lan1 or Renaissance.
Remember that the suppliers generally only provide support to resellers, but they both have some talented people that might help you out - I know both have operated some form of professional services department at some point.
I'd echo Steve's general thoughts that it's more likely to be a router issue than an ADSL issue (unless you're trying to do something over PON or whatever Telecom call that now).
Best of luck.
N.
Neil Gardner Product Manager - Product Line Management Allied Telesyn Research Ltd New Zealand +64 3 339-9509 (ph) +64 3 339-3001 (fax)
Steve Wray
20/06/2005 8:00 a.m. >>> Felix Tsang wrote:
Can anyone please give me a pointer as to why I am having big problems with using a Safenet VPN client (connecting to) -> Netscreen VPN/FW appliance via Jetstart / UBS / Jetstream ? This is happening on multiple disassociated / unrelated networks.
I am using mostly Dynalink RTA300 DSL Modems, and Netscreen 5XT / GT boxes. I believe it is something to do with the NZ DSL network as this type of VPN setup has worked well for over 1/2 years until it started to become more and more unreliable. Can anyone help or suggest a solution?
I've recently been doing some research trying to isolate a problem with a client's multiple Linux-based IPSec VPNs running through consumer-grade ADSL routers.
(I would guess that your Safenet/Netscreen devices are using some form of IPSec VPN).
My findings were unusual; the more recent the model of ADSL router used, the more unreliable the VPNs became when under load.
For me, this was only the case when running multiple VPNs.
Older model ADSL routers performed admirably (the Nokia M1122 was fantastic) while later model ADSL routers ranged from some models reliably crashing after 30 seconds of load to other models seeming ok on the bench but performing very badly in the field. Some brands actually got worse with more recent firmware upgrades or chipsets.
Some googling revealed that there may be problems routing ESP traffic for multiple IPSec VPNs through cheaper, less well engineered ADSL routers.
I am guessing that modern consumer grade ADSL routers fall into the "less well engineered than they used to be" category.
It's just barely possible that this also applies to the hardware used in the exchanges and ISPs.
Just a guess.
For what it's worth, we are moving away from IPSec to openvpn. Unfortunately, once you've bought into a hardware VPN solution, it becomes somewhat harder to make that sort of change...
-- Bill Walker, MCSE, MCP+I Partner Netspeed (Wanaka) Ltd ------------------------------------------------------------- Phone: +64 21 222 4440 Fax: +64 3 443 4440 Email: bill.walker(a)netspeed.net.nz Web: www.netspeed.net.nz ICQ: 4746863 MSN: msn(a)wjw.co.uk Skype: wjw.co.uk