IPSEC tunnel in China

I am experiencing a weird issue while in Beijing, China. I am currently at a remote location and need to access a database that is in the US. Although I have 2 megs of bandwidth, it drops to about 100k when leaving the country. I have an IPSEC tunnel configured on my PIX 515e to the PIX back in the US. Ping times are around 200-300ms. The problem is that the bandwidth is not there so my data transfers take a very long time. I decided to do some testing and found that the ping times from my office in the US to my Beijing office (not my location) are also around 200-300ms. I configured a tunnel from my location to the Beijing office which is about 5 kms away from me. My bandwidth within China is excellent and ping times are around under 10ms. Once the tunnel is established though, I get 1200ms pings to my office, basically making it worthless. I have played around with MTU settings, made sure duplex/speed was correct on all equipment, etc. and cannot figure this out. Any help would be appreciated!
Reply to
reinier.nissen

Unfortunately they only guarantee the 2 megs within China. I am about to give up on making my data transfers work over the tunnel back to the US and concentrate on having a tunnel from my location in Beijing to my Beijing office a few miles away. The only problem with that is the 1200ms ping times that I am experiencing through the tunnel. Without a tunnel I get around 10-20ms from my location to the Beijing office. This PIX travels around the world with me and I have never experienced latency or bandwidth problems like this... even out in the middle of nowhere in India!

I definitely have noticed the filtering part of the network here though. I am not able to access BBC's news website and a few others. The other weird thing that I noticed is when using nmap to check out some ports that I have open on a testing machine back in the US, there are some open ports definitely missing from the results. Most notably being all the Windows 135-139 ports and 445. Maybe they should block port 25 and eliminate half of my SPAM too... :)

Reply to
reinier.nissen

Did you by chance drop the MTU?

Reply to
Munpe Q

Yes. I dropped in increments of 50 and went as low as 1200 with no change. I am about to try another ISP that put their line in this building. I'll see if we still have problems.

Reply to
reinier.nissen

Ok. So I moved over to the other ISP and now my ping times to the US are about 500-600ms with 10-40% packet loss and the same ping times to my firewall in the Beijing office. So I got the tunnel up to the Beijing office and now I have 7-9ms ping times and roughly 400ms ping times to my US office. It turns out that one of the ISPs I was using specialized in bandwidth outside of China and the other specializes in local bandwidth. Now I just have to find a way to get my PIX to handle more than one IP address and route accordingly. Anyone know if that is possible with the PIX515e?

Reply to
reinier.nissen

In article , wrote:
:I am experiencing a weird issue while in Beijing, China. I am
:currently at a remote location and need to access a database that is in
:the US. Although I have 2 megs of bandwidth, it drops to about 100k
:when leaving the country.

You have 2 megs of bandwidth to your ISP, but does your ISP have 2 megs of bandwidth to out of the country? Have they -reserved- 2 megs of bandwidth for you out of the country, or are you sharing with millions of others?

According to the media we see around here, China has very strict limits on which sites outside China can be accessed, so the low bandwidth is -plausibly- the result of a government policy designed to make it difficult/frustrating to access outside sites. Or it could just be your ISP is too cheap to pay for real bandwidth share. Or it could be a function of the fact that internet connections out of China must all pass through one of a small number of security gateways so that China may block access to sites that it feels are inappropriate to access.

Reply to
Walter Roberson
