RE: OT-Netscreen 5xp VPN very slow [7:62461]
Hi, Did you check the NS-5XP log? Also, if you place your PC behind the NS and access internet, what's the path of your traffic? Simply PC-> FW-> cable modem-> Internet OR PC-> FW( VPN gateway ) -> cable modem -> VPN gateway -> Internet? BUT you mentioned 3DES, if NS is just using as a Firewall, encryption (3DES and VPN) should not cause your problem. rgds, ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62487&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
Well, having worked with the Netscreen Firewall products, I find it interesting that you feel its your bottle neck. Take a look at the architecture you've outlined: PC--->NetScreen--->Cable Modem> VPN Gateway (what type of gateyway is this?)>Internet. The short answer here is that anytime you add security devices to a traffic flow especially when cipher-decipher takes place, you'll take a performance hit. That's the price we pay (though things are improving dramatically!) for privacy. NetScreens traditionally are quite fast devices and though the 5X is a smaller appliance its still quite good. Will Gragido CISSP CCNP CIPTSS CCDA MCP 9450 W. Bryn Mawr Ave. Suite 325 Rosemont, Il 60018 www.ins.com [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 1:24 AM To: [EMAIL PROTECTED] Subject: RE: OT-Netscreen 5xp VPN very slow [7:62461] Hi, Did you check the NS-5XP log? Also, if you place your PC behind the NS and access internet, what's the path of your traffic? Simply PC-> FW-> cable modem-> Internet OR PC-> FW( VPN gateway ) -> cable modem -> VPN gateway -> Internet? BUT you mentioned 3DES, if NS is just using as a Firewall, encryption (3DES and VPN) should not cause your problem. rgds, ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62500&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
I'm using the first connection. But if I access intranet, I would go through a gateway on the other end. Don't see anything abnormal in log. Thanks. Xueyan Ivan Yip wrote: > > Hi, > > Did you check the NS-5XP log? > Also, if you place your PC behind the NS and access internet, > what's the path of your traffic? Simply PC-> FW-> cable modem-> > Internet OR > PC-> FW( VPN gateway ) -> cable modem -> VPN gateway -> > Internet? > > BUT you mentioned 3DES, if NS is just using as a Firewall, > encryption (3DES and VPN) should not cause your problem. > > rgds, > ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62516&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
William, I just pointed out the one of the possible architecture. VPN gateway I mentioned may be other vendors that can work with netscreen like checkpoint... Any problems on my thought? Ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62559&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
My mistake, I thought that you were implying that there was a performance issue with that architecture. Will Gragido CISSP CCNP CIPTSS CCDA MCP 9450 W. Bryn Mawr Ave. Suite 325 Rosemont, Il 60018 www.ins.com [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 10:49 PM To: [EMAIL PROTECTED] Subject: RE: OT-Netscreen 5xp VPN very slow [7:62461] William, I just pointed out the one of the possible architecture. VPN gateway I mentioned may be other vendors that can work with netscreen like checkpoint... Any problems on my thought? Ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62561&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
Do you think it is the LAN negotiation problem? As 5XP only have 10M interface. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62564&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
checked duplex/speed, they were 10 half, set to full, didn't help. I'll post my findings if I can find the problem. Xueyan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62581&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OT-Netscreen 5xp VPN very slow [7:62461]
finally found the problem. my end is configured for IKE replay protection but the far end isn't so it drops packets. The interesting thing is that I got some packes but not all, which made me think it's simply slow. found this out by "debug vpn". Thanks all for your help. Cheers. Xueyan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62589&t=62461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
