DSL/Nortel VPN/3Com Hub issue

[Guest]

Archived from groups: comp.dcom.vpn (More info?)

We have been trouble shooting a VPN issue for several weeks and are
quite perplexed! In a test enviroment, we have a branch office tunnel
configured on a Nortel 1010. We have the public interface of the 1010
connected into a 3Com hub. We also have the ethernet port from our
Westell modem plugged into the same hub. The Westell is configured with
the network 192.168.0.0/24 and the ip of the Westell is 192.168.0.1.
The public interface of the 1010 is configured with the ip 192.168.0.2,
its subnet mask is 255.255.255.252 and its gateway is the Westell. We
have the private interface of the 1010 plugged into a different hub and
it is using a different ip network. The tunnel comes up, but we can
ping the mgmt IP of the 1010 only intermittently. Sometimes we can ping
it fine, sometimes it won't ping. However, if we leave a continues ping
running, we discovered that we do get a successful ping every 240
pings, or every 4 minutes! We also discovered that if we plug the
public interface of the 1010 directly into the Westell, that the pings
work fine. Any ideas!?

 

[Guest]

Archived from groups: comp.dcom.vpn (More info?)

Thanks Mike. The problem with directly connecting the 1010 to the modem
is that when it is shipped to a client's office, they may already have
a device plugged directly into the modem and we do not want our device
to replace theirs. Or they may have a hub or a switch plugged into it
too which we cannot change. Also, we are not using a switch in our test
environment - just two 3com SuperStack II PS Hub 40's. The Westell
(using a Xover) and the public interface of the 1010 are plugged into
Hub #1. The private interface of the 1010 is plugged into hub #2. I do
believe that both interfaces are set to autonegotiate. Does that matter
with a hub? I can set them to 10 and see what happens.

As for hardware, we're using some of the same cables, but not all, but
we have used two different pairs of hubs plus two 1010's, so I don't
think it is hardware.

 

[Guest]

Archived from groups: comp.dcom.vpn (More info?)

neicymath@hotmail.com wrote:
> We have been trouble shooting a VPN issue for several weeks and are
> quite perplexed! In a test enviroment, we have a branch office tunnel
> configured on a Nortel 1010. We have the public interface of the 1010
> connected into a 3Com hub. We also have the ethernet port from our
> Westell modem plugged into the same hub. The Westell is configured with
> the network 192.168.0.0/24 and the ip of the Westell is 192.168.0.1.
> The public interface of the 1010 is configured with the ip 192.168.0.2,
> its subnet mask is 255.255.255.252 and its gateway is the Westell. We
> have the private interface of the 1010 plugged into a different hub and
> it is using a different ip network. The tunnel comes up, but we can
> ping the mgmt IP of the 1010 only intermittently. Sometimes we can ping
> it fine, sometimes it won't ping. However, if we leave a continues ping
> running, we discovered that we do get a successful ping every 240
> pings, or every 4 minutes! We also discovered that if we plug the
> public interface of the 1010 directly into the Westell, that the pings
> work fine. Any ideas!?
>

If it works fine plugged directly into your modem then just do that. If
you want to know the reason it fails with the switch, I would guess the
port speed autodetection is failing, try setting the speed and duplex
setting manually on both devices (VPN and modem). Also make sure that
the public interface is not cross-wired to the private interface through
that hub or you will have problems. (The public interface thinks the
packets from the private interface are IP spoofing attempts)

It goes without saying that you tried a different switch and cables right?



--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)