John_Getzke
Enthusiast
Enthusiast

We are using a Cisco VPN Portal as our Security Gateway in this situation.

Details on IPsec tunnels from Cisco here:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guid...

IPsec provides secure tunnels between two peers, such as two routers. You define which packets are considered sensitive and should be sent through these secure tunnels, and you define the parameters which should be used to protect these sensitive packets, by specifying characteristics of these tunnels. Then, when the IPsec peer sees such a sensitive packet, it sets up the appropriate secure tunnel and sends the packet through the tunnel to the remote peer.

...

Multiple IPsec tunnels can exist between two peers to secure different data streams, with each tunnel using a separate set of security associations. For example, some data streams might be just authenticated while other data streams must both be encrypted and authenticated.

...

IP-based data is vulnerable to hackers' tampering and eavesdropping. IP's strength is that it has small, manageable packets of electronic information that can be routed quickly and easily. These chunks of information create breaks in the data stream that allow them to be transmitted efficiently through the network.

Sounds like chunk is another word for IP Packet with Cisco flair added to it.  Thus I imagine what the Connection Server is trying to tell us is that the tunnel from the Security Gateway has been shutdown for one reason or another.  This suggests either something from the Cisco appliance or the users network connection is dropping prematurely.

I tried to reproduce these error messages with some connection testing.  It appeared that the same errors were generated when I removed the internet connection from a test laptop instead of properly disconnecting from the View Client or the VPN portal.  It wasn't always consistent, sometimes I received errors about the stream dropping too.

I wonder if there is anything else we can do on this on from our side of the equation.  Our users are spread out all over the nation yet it seems that only certain pools of users experience these chunk/stream/tunnel related issues.

Reply
0 Kudos