cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
670
Views
2
Helpful
4
Replies

Name resolution latency on site converted from Frame-Relay to VPN

bschmi
Level 1
Level 1

This is a bit hairy, so excuse my detailed explanation as if I were speaking to a child....

One of my customer's has a remote site in Canada on 256/64k Frame-Relay. They need at least 512k for bandwidth picky applications and have a scheduled plan for upgrade to 1Mb in a few months. They couldn't wait for the upgrade and had DSL installed as a temp fix. (NOTE...customer went with cheapest option/equipment available). They purchased a PIX 501 and already had a Cisco 2611 router with 2 ehternets. Then PIX 501 is currently tunneled to a customer VPN access point in to their network. One 2611 router ethernet is connected to the PIX and the other is connected to the site LAN (Cisco 2950s). Testing the VPN connection (without affecting the production Frame-Relay) with a couple laptops was successful with great response time, to include name resolution. Cutting the site over from Frame-relay to DSL wasn't as successful. I shut down the Frame-Relay sub-interface on the old router and moved the single cat5 LAN connection and plugged it in to the new 2611 router. We rebooted all network devices and started fresh. The first few PCs on the LAN worked with great response time. After 10 to 15 minutes any PC that logged on to the LAN would experience a large delay. I had onsite assistance that would run ping and trace tests for me on the PCs experiencing a delay. If pinging by address, the response was excellent (30 to 40ms). If pinging by name, the response was also excellent (30 to 40 ms), but it would take a long time for the results to be displayed on the screen. So any attempts at a device by name would experience latency, but no problems by address. Nothing was changed in DNS/DHCP/WINS, just the routing and network hardware was changed. The same symptoms were seen when running traceroutes. I ran ping to addresses and device names from the switches on the LAN, and didn't experience any latency. One other symptom.....After 15 to 20 minutes, the first few PCs on the network that didn't experience any latency just all of a sudden lost Internet access, but were still capable of accessing other network apps and mail.

Any assistance with this would be greatly appreciated.

2 Accepted Solutions

Accepted Solutions

Patrick Laidlaw
Level 4
Level 4

The DNS is it local to the LAN or is there more than one DNS server used?

Something that you might think about is look at the licensing on your pix to see how many PC's are allowed by it. The typical pix is 10~15 if it's not an unlimited version.

Try clearing the xlate after a PC is havening problems getting to the internet if it immediatly is able to get back out I would guess it's your licensing.

The slow DNS I'll wait to hear back from you before jumping at anything.

Patrick

View solution in original post

My experience is that once it reaches 10 "unique" connections they will fail. A unqiue connection doesn't have to be active, it just counts up the 1st 10 then thats it. A reboot will clear this temporarily.

View solution in original post

4 Replies 4

Patrick Laidlaw
Level 4
Level 4

The DNS is it local to the LAN or is there more than one DNS server used?

Something that you might think about is look at the licensing on your pix to see how many PC's are allowed by it. The typical pix is 10~15 if it's not an unlimited version.

Try clearing the xlate after a PC is havening problems getting to the internet if it immediatly is able to get back out I would guess it's your licensing.

The slow DNS I'll wait to hear back from you before jumping at anything.

Patrick

I think you may be on to something with the licensing, which is only allowing 10 inside hosts. I am researching this and will let you know how it turns out. Thanks for the response!

My experience is that once it reaches 10 "unique" connections they will fail. A unqiue connection doesn't have to be active, it just counts up the 1st 10 then thats it. A reboot will clear this temporarily.

I spoke with Cisco. You were correct, the licensing appears to be the reason for failed/latent connections. Even though the 501 allows for 32 DHCP addresses, only 10 active connections will be allowed through the firewall at any one time. Thanks for taking the time to read through my post. I truly appreciate it and will rate your help. Thanks again!

Review Cisco Networking for a $25 gift card