Question : Cisco 871 to Netscreen 204 problem.
I have a remote site that currently has a DSL connection. We have installed a Cisco 871 router and set up a VPN tunnel back to our corporate office here. It connects to a Netscreen 204 appliance. The VPN tunnel is up and running, but I am having issues with clients at the remote site. The client machines are part of the 2003 AD, but there is no server at the remote site.
The Cisco 871 is set up as a DHCP server and it offers the DNS and WINS IP addresses of the server back here at the Corporate Office.
Every 3-4 days, when a client logs in to the domain, it can take upwards of 10 minutes or more before they are actually able to start working on their machine. In most cases, this can happen even if there is only one user up and running on the remote connection.
I have checked the config of both the Netscreen and the Cisco 871, and the only potential item that I can see that may affect it is the MTU. The Netscreen is set to 1500. The Cisco by default is set to 1452 from what I can see. Seeing that there are no issues with the actual tunnel connection, would these settings still have an impact for the client PCs at the remote site?
Answer : Cisco 871 to Netscreen 204 problem.
I'm still not sure if it is an MTU problem since you don't see it often. A simple test:
Go to one side of the tunnel, pick a machine and do this:
ping -l 1400 -f
Now try reducing slowly from 1400 to 1380, 1350 etc and see where it succeeds.
Most problems I've seen are related to DNS issues, which again you can test with just file entries. Again, pick a machine, put the DC address in the LMHOSTS file (a WINS DC entry), then try logging in and see if that makes any difference. If it is good, then DNS is the solution I'd recommend.
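
The size sweep suggested in the answer can be automated. The following is an added example, not part of the original answer: it binary-searches the largest payload that passes with the don't-fragment flag set, which generalizes the manual 1400, 1380, 1350 steps. The function names, the `TTL=` success check and the simulated 1452-byte path are assumptions; the real probe uses the Windows `ping -f -l` flags shown in the answer.

```python
import subprocess

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def windows_ping_probe(target):
    """Build probe(size): True if a DF-set echo with `size` payload bytes is answered."""
    def probe(size):
        out = subprocess.run(
            ["ping", "-n", "2", "-f", "-l", str(size), target],
            capture_output=True, text=True,
        ).stdout
        # Assumption: only echo-reply lines contain "TTL="; timeouts and
        # "needs to be fragmented" errors do not.
        return "TTL=" in out
    return probe


def simulated_path(mtu):
    """Constructed stand-in for a real path: packets larger than `mtu` are dropped."""
    return lambda size: size + ICMP_OVERHEAD <= mtu


def largest_unfragmented_payload(probe, low=0, high=1472):
    """Binary-search the largest payload in [low, high] that passes with DF set.

    Returns None when even `low` fails (host down or ICMP filtered).
    """
    if not probe(low):
        return None
    if probe(high):
        return high
    while high - low > 1:  # invariant: probe(low) passes, probe(high) fails
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def path_mtu(payload):
    """Convert a passing payload size to the on-the-wire IPv4 packet size."""
    return None if payload is None else payload + ICMP_OVERHEAD


if __name__ == "__main__":
    # Offline demo against a constructed 1452-byte path; for a real test use
    # largest_unfragmented_payload(windows_ping_probe("<address across the tunnel>"))
    best = largest_unfragmented_payload(simulated_path(1452))
    print(best, path_mtu(best))
```

A result well below 1472 across the tunnel, while the same probe to a local host passes at 1472, points at the tunnel path rather than the LAN.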