List: sidewinder
Subject: [Sidewinder] Mysterious VPN Drops
From: sidewinder-admin () adeptech ! com
Date: 2003-07-01 19:58:50
Folks,

I've had several SoftRemote VPN users, the ones that tend to stay in
telnet sessions for long periods of time, complain about frequent
"drops". Most found that they had to Deactivate and Reactivate SoftRemote
to get it going again, and generally lost their work since the last
'save'. It's been a real sore spot for them, and wasn't doing much for my
popularity. While troubleshooting with one of them, I ran across something
that others may find of interest.

TCPDUMP revealed that though their telnet session was using the VPN,
their mail client was checking for mail over the Internet. The IMAP server
resides in a protected network behind the same Sidewinder, so both the mail
queries and the VPN were hitting the same external NIC. Every time they
checked for mail, there would be a burst of UDP 500 traffic -- the VPN was
re-negotiating. Since they check for new mail every 5 minutes, that
created a LOT of opportunities for failure. By changing the mail client to
use the private IP address of the mail server so that their mail queries
went through the VPN, the problem went away.

Another way to accomplish the same thing is to have the users point to
the Internal DNS server, so that the name resolves to a private address
defined in the VPN policy. There are probably applications other than mail
that could cause the same problem, but none come to mind right now. Hope
someone else finds this useful.

Dave
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
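
The pattern described in the message above (a mail check to the external NIC followed by a burst of UDP 500) can be confirmed from a text capture. This is an added example, not part of the original post: the sample lines are constructed in the style of `tcpdump -n -tt` output, and the addresses, the IMAP port 143 and the 5-second window are assumptions.

```python
import re

# Constructed sample in the style of `tcpdump -n -tt` text output (not a real
# capture). Assumed addresses: 203.0.113.25 = remote VPN client,
# 198.51.100.1 = the firewall's external NIC.
SAMPLE = """\
1057089500.100000 IP 203.0.113.25.1045 > 198.51.100.1.143: Flags [S], seq 1, length 0
1057089500.900000 IP 203.0.113.25.500 > 198.51.100.1.500: isakmp: phase 1 I ident
1057089501.200000 IP 198.51.100.1.500 > 203.0.113.25.500: isakmp: phase 1 R ident
1057089650.000000 IP 203.0.113.25.500 > 198.51.100.1.500: isakmp: phase 2/others I inf
1057089800.100000 IP 203.0.113.25.1046 > 198.51.100.1.143: Flags [S], seq 9, length 0
1057089800.700000 IP 203.0.113.25.500 > 198.51.100.1.500: isakmp: phase 1 I ident
"""

LINE = re.compile(
    r"^(\d+\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)$"
)

def correlate(capture, window=5.0, mail_port=143, ike_port=500):
    """List (client, server, ike_count) for each mail connection attempt that is
    followed within `window` seconds by IKE traffic between the same two hosts."""
    mail, ike = [], []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not an IPv4 TCP/UDP line
        ts, src, sport, dst, dport, rest = m.groups()
        ts, sport, dport = float(ts), int(sport), int(dport)
        if dport == mail_port and "Flags [S]" in rest:
            mail.append((ts, src, dst))  # new mail connection (bare SYN)
        elif sport == ike_port and dport == ike_port and "Flags" not in rest:
            ike.append((ts, frozenset((src, dst))))  # IKE, either direction
    findings = []
    for ts, client, server in mail:
        peers = frozenset((client, server))
        hits = sum(1 for t, p in ike if p == peers and 0 <= t - ts <= window)
        if hits:
            findings.append((client, server, hits))
    return findings

if __name__ == "__main__":
    for client, server, hits in correlate(SAMPLE):
        print(f"{client} -> {server}: mail check followed by {hits} UDP/500 packet(s)")
```

A mail check that repeatedly shows up here is reaching the server's public name instead of the private address covered by the VPN policy.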