Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

Can changing port speed on a switch cause issues with VPN connectivity?

We discovered mismatch port speed on an upstream switch port connected to the inside interface of the IPS.  Fixed that and the network latency for VPN users resolved but now we are discovering a handful of users are having connectivity problems.  They get connected with their endpoint client and get disconnected within seconds.  These users are assigned static IPs via ipassignment.conf.  After removing them from this file, they are able to connect.  We also applied JHF 214 a few days ago, we were running 111.  This is for R80.30 running on VSX.

Trying to find root cause and we are not sure if this had something to do with the port speed change or possibly the JHF that was applied since those are the only two changes made  when this problem occurred.  Any ideas?

Additional details - we are seeing more tunnel test drops after the JHF update.  I'm beginning to think this JHF might be the cause.  Any known issues with JHF 214 from anyone that has applied it recently?

0 Kudos
2 Replies
Highlighted
Admin
Admin

You're going to have all kinds of issues if there is disagreement on connection speed.
However, the issues you're describing now seem to be related to the JHF, thus a TAC case is probably a good idea.

0 Kudos
Highlighted
Contributor

TAC advised us to disable dynamic NAT port allocation and clear the connections and NAT table which seem to have resolved the issue so far.  A kernel level debug was also ran to determine root cause.

0 Kudos