  • Juniper Netscreen 5GT Session Overflow

    We have had Shoretel between two of our offices for the past 2 years. One location has the Director and Shoretel VM server for the two sites. At each site we had a Netscreen 5GT router that handled the VPN.

    Two weeks ago we changed our network a bit. Our ISP is now handling our VPN (an MPLS network). We have the following routes in our Netscreens pointing to our ISP's router. -> (trust) -> (trust)
    The immediate problem we had after doing so is that both Netscreens are having Session Overflow problems. I have downloaded a program that can read the session dump and it shows that 85% of all of the session requests have a destination of the Director/VM Server.

    I am getting the following errors on the Netscreen. To clear the sessions, I have to telnet into each router and issue a CLEAR SESSION command. The 5GT has a max of 2000 sessions and we have never had a problem staying well underneath that.
    [00005] 2008-12-02 13:07:45 [Root]system-critical-00051: Session utilization has reached 1857, which is 90% of the system capacity!
    In one office we have an L2, so we can't place a route in there; in the other office we have an L3 switch that I have also added the route to.

    Anyone want to take a stab at why this is happening?
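
The two observations in the post above (repeated session-utilization alarms, and one server being the destination of most sessions) can be checked with a short script. This is an added example, not part of the original thread: the alarm pattern is taken from the log line quoted in the post, while the session list is assumed to be already parsed into (source, destination) pairs, and every address and every log line other than the quoted one is constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Pattern taken from the alarm line quoted in the post.
ALARM_RE = re.compile(
    r"\[\d+\] (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[(?P<vsys>[^\]]+)\]"
    r"system-critical-00051: Session utilization has reached (?P<count>\d+), "
    r"which is (?P<pct>\d+)% of the system capacity!"
)

def parse_alarms(lines):
    """Return (timestamp, session_count, percent) for each utilization alarm."""
    out = []
    for line in lines:
        m = ALARM_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            out.append((ts, int(m["count"]), int(m["pct"])))
    return out

def sustained(alarms, window=timedelta(minutes=10), min_events=3):
    """True if min_events alarms fall inside one window (table pinned, not a spike)."""
    times = sorted(ts for ts, _, _ in alarms)
    return any(times[i + min_events - 1] - times[i] <= window
               for i in range(len(times) - min_events + 1))

def top_destination(sessions):
    """sessions: iterable of (src_ip, dst_ip). Return (dst_ip, share of all sessions)."""
    counts = Counter(dst for _, dst in sessions)
    dst, n = counts.most_common(1)[0]
    return dst, n / sum(counts.values())

# Constructed sample log: the first line is the one from the post, the rest are invented.
SAMPLE_LOG = [
    "[00005] 2008-12-02 13:07:45 [Root]system-critical-00051: Session utilization has reached 1857, which is 90% of the system capacity!",
    "[00006] 2008-12-02 13:11:02 [Root]system-critical-00051: Session utilization has reached 1901, which is 90% of the system capacity!",
    "[00007] 2008-12-02 13:15:30 [Root]system-critical-00051: Session utilization has reached 1988, which is 90% of the system capacity!",
    "[00008] 2008-12-02 13:16:00 [Root]constructed line that is not a utilization alarm",
]
# Constructed session table: 17 of 20 sessions (85%) go to a placeholder server address.
SAMPLE_SESSIONS = [(f"10.0.1.{i}", "10.0.0.10") for i in range(17)] + \
                  [(f"10.0.1.{i}", "192.0.2.5") for i in range(3)]

if __name__ == "__main__":
    alarms = parse_alarms(SAMPLE_LOG)
    print(len(alarms), "alarms, sustained:", sustained(alarms))
    print("top destination: %s (%.0f%%)" % top_destination(SAMPLE_SESSIONS))
```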

    The Netscreen, rather than just doing an ICMP redirect, is tracking the sessions. Can you change the default gateway on the DHCP server to the other router?



      The only traffic that should be going across this new route is traffic that will be traveling between offices, so I wouldn't want to change my default gateway to our ISP's interface for the VPN.


        I say use the "opportunity" to get a better firewall...

        Watchguard x750 maybe?