Hi Experts
I happen to bump into a strange issue.
I have 2 x SRX 240H2 boxes (BRANCHES) (let's call them B1 and B2) + 1 Cyberoam CR50iNG box (Head Office, let's call it HO)
I am doing Site to site VPN
Tunnel 1: Cyberoam (HO) to >> SRX 240 H2 for Branch 1 (B1) - throughput only 400 KB/sec on 20 Mbps link
Tunnel 2: Cyberoam (HO) to >> SRX 240 H2 for Branch (B2) - throughput only 400 KB/sec on 20 Mbps link
Tunnel 3: Cyberoam (HO) to >> Cisco ASA 5505 for Branch (B2), works fine, throughput 2.1 MB/sec on 20 Mbps link
Tunnel 4: SRX 240 H2 (B1) >> SRX 240 H2 (B2), works fine, throughput 2.1 MB/sec on 20 Mbps link
My issue
Cyberoam has an email notification feature to send if the VPN is down. I get "DPD declared dead" at the Cyberoam end every 45 minutes or so, sometimes 30 minutes.
What I did is:
- Configured SRX 240 in standard config through wizard
- VPN Monitor & DPD is OFF at SRX 240 end
- Ran the command "security flow tcp-mss ipsec-vpn mss 1350"
Observation
- Even though I get DPD from Cyberoam, my ping has no break, or maybe 1 break in about 3 hours
- Speed is very low compared to a Cisco ASA 5505 on the same branch on a different line with Cyberoam.
- Between SRX 240 B1 and B2 speeds are fine.
- I tried turning off the "security flow tcp-mss ipsec-vpn mss 1350"; there is no difference except the fact that between B1 and B2 speeds drop
My SRX 240 Config is attached
All I am looking for is a stable VPN connection with Cyberoam and SRX 240H2 devices. We have invested a lot of time playing around with MTU and MSS at the Cyberoam end, however Cyberoam can only manipulate at WAN interface not only for internet traffic.
Any help will be good.
Thank you in advance