Bordermanager, routers, and VPN's!

[Dogers]

We've recently swapped our leased line for a vpn over adsl, which is way faster and generally much nicer. we have novell servers on one side with a bunch of clients (call it side A) and an nt server with a bunch of clients on the other side (call it B).

now, either side can ping pretty much everything on the opposite side (as well as its own side, of course) BUT nothing on side B can ping bordermanager, on side A. bordermanager also cannot ping the router on side A that creates the VPN to side B, even though it has the same ip address as the previous leased line router. after leaving the ping command running on BM, only about 50-33% of the ping packets are being returned, but when they are, theyre coming back at the speed i expect (100mbit ethernet lan, 0.5ish ms!)
the router itself cannot ping bordermanager at all, but all the machines on side A, BM's side, can ping bordermanager absolutely fine! as another twist, all on side B can ping the main novell server which is on side A fine, and that server can ping the new router fine also.

does bordermanager do anything funny with MAC addresses at all? i wouldnt have thought so, but barring incredible odds of a switch/hub partial failure, i really cannot see whats going on here!

help, need ideas!!?

 

[DrGreen26]

You should flush the ARP tables on the Server, Routers and Switches. This should resolve most of the problems if not all. I would recommend you map out the network and since you are doing VPN and non-dedicated line, you may need to increase the Time to Live to something higher than 30ms at the router and server level.

Keep in mind since you are doing VPN, the TTL works like this, if I send out a packet and I get no reply in 30ms, I assume the packet did not make it and I resend, but what may really be happening is that the reply is taking 35 or 40ms in which case it gets back to the router but since the TTL has elapsed, the packet is dropped. <--- this can cause a lot of congestion on a network too with packets being re-sent until one actually makes it back within the TTL timeframe.


Mark C. Greenwood, CNE
m_jgreenwood@yahoo.com

With more than 10 years experience to share.

 

[Dogers]

i dont think its the vpn thats at fault at all.. the bordermanager machine just doesnt seem to have a reliable network connection to the router, whereas the router cant see the bordermanager at all..

i cant really see it being mac addresses, as the novell fileserver can see and be seen fine. when the bordermanager DOES get a ping through, the speed is normal ethernet speeds, about 1ms or less, its just that most of the packets seem to be being dropped somewhere along the line from the bordermanager to the router, but as far as i am aware, the only thing inbetween these two is a single hub

 

[DrGreen26]

If its an issue with maintaining the connection, I would replace patch cables and the network card and see if that resolves it. If not, the next thing I would do is put a sniffer on the same port as BM and capture the packets when you attempt to perform the ping. From there, you should be able to determine if it is something outside of that.


Mark C. Greenwood, CNE
m_jgreenwood@yahoo.com

With more than 10 years experience to share.