Re: Site-tosite VPN Issue
From: Robert L [MS-MVP] (noreply_at_hotmail.com)
Date: 01/06/05
- Next message: Steven L Umbach: "Re: Upgraded from nt4 to 2003... domain name question"
- Previous message: Robert L [MS-MVP]: "Re: VPN and MSSQL/Applicatins, newbie problem"
- In reply to: rpaz61: "Site-tosite VPN Issue"
- Next in thread: Eugene Taylor: "Re: Site-tosite VPN Issue"
- Reply: Eugene Taylor: "Re: Site-tosite VPN Issue"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 5 Jan 2005 19:20:17 -0600
we have seen many slow issue on DSL VPN. Adjusting mtu may or may not fix
the issues. you may try windows demand-dial VPN.
-- For more and other information, go to http://www.ChicagoTech.net Don't send e-mail or reply to me except you need consulting services. Posting on MS newsgroup will benefit all readers and you may get more help. Bob Lin, MS-MVP, MCSE & CNE Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on http://www.ChicagoTech.net Networking Solutions, http://www.chicagotech.net/networksolutions.htm VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm VPN Troubleshooting, http://www.chicagotech.net/vpn.htm This posting is provided "AS IS" with no warranties. "rpaz61" <rpaz61@discussions.microsoft.com> wrote in message news:B92A0900-A8EC-4CE2-A384-4479D25DC738@microsoft.com... > Here's the setup: > > Main Office > > Server: > Windows Server 2003 domain controller > IP address: 192.168.1.10 > Subnet mask: 255.255.255.0 > Gateway: 192.168.1.1 > Services: Active Directory, DNS, DHCP > > Clients: > Mixture of PCs running Windows 2000 Profressional with SP3 and Windows XP > Professional with SP2 > > Network: > Dell 16-port switch > SBC 768K SDSL > > Firewall: > Sonicwall TZ170 Internet Security Appliance > LAN IP = 192.168.1.1 > LAN Subnet Mask = 255.255.255.0 > Firmware version: SonicOS Standard 2.2.0.1 > Revision: 2.2.0_pp_8s $ > ROM version 2.0.0.3 > Previous firmware version: 2.0.0.2 > Fragment outbound packets larger than WAN MTU: 1 > WAN MTU: 1404 > CP Wan MTU: 1404 > WAN Ignore DF Bit for non-VPN traffic: 1 > > Site-to-site VPN: > Encrypt/Auth - ESP DES HMAC MD5 > Key Exchange: Manual Keys > VPN Terminated at: LAN > netbios off, ApplyNatAndRules off, ForwardPacketsToRemoteVPNs off > TunnelForAllOutboundTraffic off > Authentication of local users off, Authentication of remote users off > remote subnet for netbios 255.255.255.0 > destIP begin 192.168.2.1, end 192.168.2.254 > > > > Remote Office > > Clients: > 4 Dell PCs running Windows XP Professional with SP2 > > Network: > Belkin 8-port 10/100 hub > Choice One 768K SDSL > > Firewall: > Sonicwall TZ170 Internet Security Appliance > LAN IP = 192.168.2.1 > LAN Subnet Mask = 255.255.255.0 > Firmware version: SonicOS Standard 2.2.0.1 > Revision: 2.2.0_pp_8s $ > ROM version 2.0.0.3 > Previous firmware version: 2.0.0.2 > Fragment outbound packets larger than WAN MTU: 1 > WAN MTU: 1404 > CP Wan MTU: 1404 > WAN Ignore DF Bit for non-VPN traffic: 1 > DHCP Server: > Enable DHCP = 1 > Lease Period = 1440 minutes > Range Start = 192.168.2.100 > Range End = 192.168.2.110 > Interface = LAN > Default Gateway = 192.168.2.1 > Subnet Mask = 255.255.255.0 > Domain Name = <NULL> > DNS Servers = 192.168.1.10 > > Site-to-site VPN: > Encrypt/Auth - ESP DES HMAC MD5 > Key Exchange: Manual Keys > VPN Terminated at: LAN > netbios off, ApplyNatAndRules off, ForwardPacketsToRemoteVPNs off > TunnelForAllOutboundTraffic off > Authentication of local users off, Authentication of remote users off > remote subnet for netbios 255.255.255.0 > destIP begin 192.168.2.1, end 192.168.2.254 > > A site-to-site VPN between both Sonicwall TZ170 connects the Remote Office > to the Main Office. All four PCs at the Remote Office authenticate across > the VPN to the Windows Server 2003 domain controller. At the Remote > Office, > DNS is resolving to the domain controller across the VPN. > > Issue: > > All users use a Windows-based application that connects to a database on > the > Windows Server 2003 domain controller. > > There are not any performance issues in the Main Office. There are > performance issues with clients accessing the database and copying/opening > files from the server to the client PC over the VPN from the Remote > Office. > We ran a packet trace (netcap.exe on a Windows XP SP2 PC at the Remote > Office > and netmon.exe on the Windows Server 2003 domain controller) while copying > a > 12.7MB file from the server to the client PC. What we found is that the > client PC at the Remote Office is repeatedly sending ACKs across the VPN > tunnel to the domain controller and the domain controller is yet the > domain > controller is repeatedly sending ACKs across the VPN tunnel to the client > PC. > > > We do not know what's causing this issue. Sonicwall states that there's > nothing wrong with their hardware or the VPN tunnel itself. > > Does anyone have any ideas? > > Thanks in advance!! > > Rob > > PS - I can send the packet trace capture files if needed. Just let me > know.
- Next message: Steven L Umbach: "Re: Upgraded from nt4 to 2003... domain name question"
- Previous message: Robert L [MS-MVP]: "Re: VPN and MSSQL/Applicatins, newbie problem"
- In reply to: rpaz61: "Site-tosite VPN Issue"
- Next in thread: Eugene Taylor: "Re: Site-tosite VPN Issue"
- Reply: Eugene Taylor: "Re: Site-tosite VPN Issue"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
