On Apr 27, 2010, at 10:48 AM, Kevin Day wrote:

>
> On Apr 27, 2010, at 12:42 PM, Michael Malitsky wrote:
>
>> I will probably be laughed at, but I'll ask just in case.
>>
>> We are having particularly bad luck trying to run VPN tunnels over
>> Comcast cable in the Chicago area. The symptoms are basically complete
>> loss of connectivity (lasting minutes to sometimes hours), or sometimes
>> flapping for a period of time. More often than not, a reboot of the
>> cable modem is required. The most interesting ones involve the
>> following: a PIX or ASA configured as an EZvpn client, connecting to a
>> 3000 concentrator, authentication over RADIUS. When I go to look at the
>> RADIUS logs, I see connections from the same box with small intervals.
>> Timeout is 8 hours, so theoretically I should see 3 connections in a
>> 24-hr period. In some cases, I see dozens, in the most egregious cases,
>> thousands over a 24-hour period. I am taking that as an indicator of a
>> really unstable Comcast circuit. We have not had this problem with any
>> other ISP, anywhere in the country.
>> I am pretty much down to telling customers to find another provider...
>>
>> Any thoughts or ideas on the matter will be appreciated.
>>
>> PS. To be fair (?) to Comcast, this is not a ubiquitous problem. It
>> affects about 25% of the installations I get to see.
>>
>> Sincerely,
>> Michael Malitsky
>>
>
> We experienced the same thing, and switching from UDP tunnels to TCP tunnels
> fixed it. There are two things at play here.
>
> 1) The SMC modem/router that they insist you use for their "Small Business"
> cable internet service seems to have trouble with very high rates of non-TCP
> traffic going through its NAT.
>

If you have business class service, insist that they put the cablemodem in BRIDGE-ONLY mode. This will resolve this issue and eliminate the unnecessary NAT.

> 2) Comcast rate limits non-TCP traffic somewhere on their network.
>

Comcast rate limits traffic in general. TCP is not less rate limited than anything else in my experience.

Owen