Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
VPN Gateway: NS5XP, ScreenOS 5.0.0R9
VPN Client: VPN Tracker 4.x or 5.x
VPN Tracker und NS5XP are configured as suggested by equinux.
Local Server: AppleShare Server
The Problem is that downloads form the server are really slow while uploads are fine. I tried it from different internet connections, with different computers and two different versions of the VPN client. The problems remain the same, qualitatively, not neccessary quantitatively. I also checked the bandwidth of the internet connection where the 5XP is connected to. 2MBit/s up- and downstream. I've included two diagrams of the transfer rate, one for an upload to the AFS server und one for the download of the same file, respectively. The download shows a much more irregular, erratic behavior, with a much lower average transfer rate. I really don't know what could be the cause of this asymmetry.
Any help is appreciated,
I tried the setting you recommended, but it had no impact on the problem. I lowered the fragment size to a pretty unreasonable 100, but even this did not change the principal situation.
P.S. I tried a Windows (SMB) share also. The problem remained the same, so I conclude that the problem is not protocol related (AppleShare over IP, AFS).
Thanks for your efforts,
Are there interface errors on either the Juniper or any L2 switches between the server and the ISP demarc? Is there a duplex mismatch somewhere? You may want to do a packet capture and analyze in Wireshark or another application. Follow the TCP flow, look at the graph for periods of packet retransmissions causing repeated TCP slow start. It could be that there is a problem with the ISP connection. If you suspect this, the Windows utility called pathping may be useful to determine where packet loss might be occuring.
I already noticed a high error count on the untrust interface, but didn't know what to do about it. Following your lead I tried
set interface untrust phy full
and the performance improved dramatically, I now hit the respective bandwidth limits und the behavior no longer seems erratic. Keep fingers crossed.