If anyone is curious, it looks like we've finally traced it down to something to do with the link between the SRX (1400-XGE) and Cisco Nexus 5548s. VPC and LACP, so lots to go wrong there (IE: Juniper and Cisco defaults do not get along) - but still not sure why it's only showing up when SSL VPN gets involved (although parallel v. serial flows make sense if it's link agg).
Still not sure what, precisely, the actual problem is. I'm hoping it's something really stupid on my part, because this was a bear to track down and it'll make a fun story.

On Sun, Jan 26, 2014 at 5:06 AM, John Stoffel <[email protected]> wrote:
>
> Nick,
>
> Just for hahas, have you checked the OS versions of both the SRX and
> the ASA to make sure they're up to date? Can you post more information
> on the config setup on them to link them together?
>
> I guess what I'd also do is reset the SRX and ASA back to defaults so
> as to make sure all the settings and rules I applied were correct and
> what I wanted.
>
> Heck, I'd probably also pull and replace all the cable(s) between
> those two as well, just in case it's a flaky cable or GBIC that's
> holding things back.
>
> Looking at the Juniper site, a lot of the low end SRXs only have 10/100
> ports, could that be an issue here? I don't remember if you said
> which model you have installed.
>
> So... if you go over VPN past the SRX without touching it all, then
> performance is nice and fast? Are you sure the SRX doesn't have
> packet inspection turned on or something like that? Simplify the
> config down to the bare minimum and keep trying.
>
> And then share with us the solution, even if it's an "oops, I didn't
> know that was turned on/off/sideways..." type. *grin*
>
> Good luck!
> John
>
