Netwontwork
MIS
My client has just installed a Netscreen 5XP on a 256K ADSL internet link in Bahrain. He has a Netscreen 25 at his corporate office in the UK.
I have configured the two appliances to create a VPN tunnel between them, so semi-transparent file/mail access could be achieved. I tested the link with on of my client's laptops and successfully logged into his LAN (and sent email), over the netscreen VPN, from our internet connection. The config was this: - static IP at each end, Auto IKE, no peer IDs. This was in the UK.....
.....I reconfigured the NS 5XP for the ADSL link, changing the static IP config to DHCP assigned and adding a local and peer ID in the relevant places on the 5XP and 25. Then shipped it to Bahrain where it was connected up. All seemed hunkydorey with the VPN tunnel. It auto negotiated the p1 and p2 negotiations and established the tunnel. FINE! I thought. Users logged in over the link OK, could copy server files OK. Then they went to check their email.
No go. The outlook client, when you click "Work Online" goes away for a while, egg timing, then switches back to "Work Offline". I can ping the server, for both it's public and private IP address.
Netscreen tech support have told me to change the TCP-MSS to 1400, then 1250, to prevent fragmentation. To no avail.
The policy rules were set to incoming ANY and outgoing ANY for the VPN between the 2 offices. Then I changed ANY to a custom service which is REALLY ANY (i.e. ports 0-65535 TCP & UDP source and destination). No change.
Has anyone come up against this before? Netscreen don't really seem to have any valid suggestions.
I have configured the two appliances to create a VPN tunnel between them, so semi-transparent file/mail access could be achieved. I tested the link with on of my client's laptops and successfully logged into his LAN (and sent email), over the netscreen VPN, from our internet connection. The config was this: - static IP at each end, Auto IKE, no peer IDs. This was in the UK.....
.....I reconfigured the NS 5XP for the ADSL link, changing the static IP config to DHCP assigned and adding a local and peer ID in the relevant places on the 5XP and 25. Then shipped it to Bahrain where it was connected up. All seemed hunkydorey with the VPN tunnel. It auto negotiated the p1 and p2 negotiations and established the tunnel. FINE! I thought. Users logged in over the link OK, could copy server files OK. Then they went to check their email.
No go. The outlook client, when you click "Work Online" goes away for a while, egg timing, then switches back to "Work Offline". I can ping the server, for both it's public and private IP address.
Netscreen tech support have told me to change the TCP-MSS to 1400, then 1250, to prevent fragmentation. To no avail.
The policy rules were set to incoming ANY and outgoing ANY for the VPN between the 2 offices. Then I changed ANY to a custom service which is REALLY ANY (i.e. ports 0-65535 TCP & UDP source and destination). No change.
Has anyone come up against this before? Netscreen don't really seem to have any valid suggestions.
