DSL/VPN/Cisco/Citrix/packet nightmare.
2007-12-24 20:56:00
--------------9CB481D3A0F3B1F223295E77
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Greetings,
I am interested in finding out if anyone might have any suggestions
for me. (wait...before you start, let me be more specific :-)
I am currently working on getting a VPN connection working from
home via DSL to a Citrix server here at work. Just prior to the
CDE session coming up on the PC at home, the Solaris splash screen
begins to paint...a cursor appears...then it locks up.
Same thing with Win2K/Win98SE.
NOTHING has changed in the last month on my home PC or on the
Citrix server here at work. Of course my DSL/ISP (Qwest) is
potentially involved...and this identical setup worked about
a month ago without any problems....
but after some troubleshooting...here is
something I found here at work might offer a clue.
--------1. The Clues----------
Once I have connected to the VPN connection for my company
in California and connect to the machines I use here in Minnesota...
I tried to simply kick off mail. It starts, and then locks up.
I tried to ftp from Minnesota machines back through the VPN connection
to my home PC. Again, it starts, works for a moment, then locks up.
Same with any graphic functions. Start, then locks up.
Seems to be anything that would require a larger chunk of data packets
to be sent, tend to have this result (start, then lock up).
this would appear to rule out Citrix server as an issue, since it
no longer even needs to be used or involved for me to percipitate
packet failures from the outside world through the VPN connection
in California to here in Minnesota. Additionally, when someone
uses analog lines to dial in to our local Portmaster here in
Minnesota... they are able to use the Citrix server without any
problems, it's only an issue when they do it via VPN.
This same setup locks up from another Admin's home machine as well,
so that would *appear* to clear my local hardware/software setup
from the deal. A couple other users here have been able to get
this setup working, but are using OTHER DSL providers as well as
a router at their home and other variables that may effect this...
------2. Begin the Troubleshooting ---------
So naturally, I call our Networking dudes.
And just as naturally, they deny both having anything to do with the
VPN failure and of course to offer any help in resolving this.
So. In a nutshell (if after a page of crap, you can call this a
nutshell),
The Internal port of the VPN machine (VPN-int) in California can be
pinged
from both PCs and Suns here in MPLS.
The PCs can ping with up to 8K packets. (If I set an -f flag and tell it
not to fragment, they fail any larger than 1472).
The SUNS on the other hand can only ping up to 1472. Then they fail
to ping... 100% packet loss.
So I ping to a SUN sitting next to the VPN-int machine (same routing,
same subnet)
and now it works flawlessly as well.
>From a PC, again, no problems at all....
>From a SUN... now there are no problems at all either.
This would MAKE IT APPEAR that a SUN recipient in California
can 'understand' any sort of ping and reassemble the packets
into data of any size... from ANY source (SUN or PC).
But the PC VPN-int host can ONLY understand ping data of
larger sizes from a PC and doesn't 'understand' how to
reassemble anything larger from a SUN host....
-----------------------------------------------
Are these clues? Am I clear on what I am seeing?
Is this pinging packet size even a clue like it appears,
or is this some anomaly to ignore?
Any ideas on what steps I can take to sort of decide
which of these many many giant black boxes are the
culprit?
ISP? DSL? VPN? Citrix? Solaris? Win2K? Cisco?
If you listen real hard...you can hear me screaming.
--
_/_/_/ _/ _/ _/ _/_/_/_/_/ Dave Wickard
_/ _/ _/_/ _/ _/ _/ LSI Logic Corp.
_/ _/ _/ _/ _/ _/ _/ System Administrator
_/ _/ _/ _/ _/ _/ _/_/_/_/ (952) 921-8588 voice
_/ _/ _/_/_/_/ _/ _/ _/ (952) 921-8399 fax
_/ _/ _/ _/ _/_/ _/ rage at lsil.com
_/_/_/_/ _/ _/ _/ _/_/_/_/_/
--------------9CB481D3A0F3B1F223295E77
Content-Type: text/x-vcard; charset=us-ascii;
name="rage.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Dave Wickard
Content-Disposition: attachment;
filename="rage.vcf"
begin:vcard
n:Wickard;Dave
tel;pager:612-480-6050
tel;cell:612-418-1179
tel;fax:952-921-8399
tel;home:NA
tel;work:952-921-8588
x-mozilla-html:TRUE
org:Information Technology;Global Engineering Services
version:2.1
email;internet:rage at lsil.com
title:System Administrator
adr;quoted-printable:;;LSI Logic Corporation=0D=0ASuite 730=0D=0AAttention:Dave Wickard-System Administration;Bloomington;Minnesota;55437;USA
note;quoted-printable:Pager System is in place for MPLS Design=0D=0ACenter for support of off hours.=0D=0A(952)921-8400=0D=0A=0D=0ANetworks, PCs, Workstations, Peripherals.=0D=0AIf it plugs in, and it thinks, we work=0D=0Aon it or know who does.
x-mozilla-cpt:;-28696
fn:Dave Wickard
end:vcard
--------------9CB481D3A0F3B1F223295E77--
Comments
Got something to say?
You must be logged in to post a comment.
