Re: Site-to-site VPN Issue

From: Eugene Taylor (ewtaylor2001_at_fake.com)
Date: 01/06/05


Date: Thu, 6 Jan 2005 08:04:28 -0500

Also you might want to look at TS as an alternative.
"Robert L [MS-MVP]" <noreply@hotmail.com> wrote in message
news:ux6Yt348EHA.2676@TK2MSFTNGP12.phx.gbl...
> We have seen many slow issues on DSL VPN. Adjusting MTU may or may not fix
> the issues. You may try Windows demand-dial VPN.
>
> --
> For more and other information, go to http://www.ChicagoTech.net
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more help.
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
> http://www.ChicagoTech.net
> Networking Solutions, http://www.chicagotech.net/networksolutions.htm
> VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
> VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
> VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
> This posting is provided "AS IS" with no warranties.
> "rpaz61" <rpaz61@discussions.microsoft.com> wrote in message
> news:B92A0900-A8EC-4CE2-A384-4479D25DC738@microsoft.com...
> > Here's the setup:
> >
> > Main Office
> >
> > Server:
> > Windows Server 2003 domain controller
> > IP address: 192.168.1.10
> > Subnet mask: 255.255.255.0
> > Gateway: 192.168.1.1
> > Services: Active Directory, DNS, DHCP
> >
> > Clients:
> > Mixture of PCs running Windows 2000 Professional with SP3 and Windows XP
> > Professional with SP2
> >
> > Network:
> > Dell 16-port switch
> > SBC 768K SDSL
> >
> > Firewall:
> > Sonicwall TZ170 Internet Security Appliance
> > LAN IP = 192.168.1.1
> > LAN Subnet Mask = 255.255.255.0
> > Firmware version: SonicOS Standard 2.2.0.1
> > Revision: 2.2.0_pp_8s $
> > ROM version 2.0.0.3
> > Previous firmware version: 2.0.0.2
> > Fragment outbound packets larger than WAN MTU: 1
> > WAN MTU: 1404
> > CP Wan MTU: 1404
> > WAN Ignore DF Bit for non-VPN traffic: 1
> >
> > Site-to-site VPN:
> > Encrypt/Auth - ESP DES HMAC MD5
> > Key Exchange: Manual Keys
> > VPN Terminated at: LAN
> > netbios off, ApplyNatAndRules off, ForwardPacketsToRemoteVPNs off
> > TunnelForAllOutboundTraffic off
> > Authentication of local users off, Authentication of remote users off
> > remote subnet for netbios 255.255.255.0
> > destIP begin 192.168.2.1, end 192.168.2.254
> >
> >
> >
> > Remote Office
> >
> > Clients:
> > 4 Dell PCs running Windows XP Professional with SP2
> >
> > Network:
> > Belkin 8-port 10/100 hub
> > Choice One 768K SDSL
> >
> > Firewall:
> > Sonicwall TZ170 Internet Security Appliance
> > LAN IP = 192.168.2.1
> > LAN Subnet Mask = 255.255.255.0
> > Firmware version: SonicOS Standard 2.2.0.1
> > Revision: 2.2.0_pp_8s $
> > ROM version 2.0.0.3
> > Previous firmware version: 2.0.0.2
> > Fragment outbound packets larger than WAN MTU: 1
> > WAN MTU: 1404
> > CP Wan MTU: 1404
> > WAN Ignore DF Bit for non-VPN traffic: 1
> > DHCP Server:
> > Enable DHCP = 1
> > Lease Period = 1440 minutes
> > Range Start = 192.168.2.100
> > Range End = 192.168.2.110
> > Interface = LAN
> > Default Gateway = 192.168.2.1
> > Subnet Mask = 255.255.255.0
> > Domain Name = <NULL>
> > DNS Servers = 192.168.1.10
> >
> > Site-to-site VPN:
> > Encrypt/Auth - ESP DES HMAC MD5
> > Key Exchange: Manual Keys
> > VPN Terminated at: LAN
> > netbios off, ApplyNatAndRules off, ForwardPacketsToRemoteVPNs off
> > TunnelForAllOutboundTraffic off
> > Authentication of local users off, Authentication of remote users off
> > remote subnet for netbios 255.255.255.0
> > destIP begin 192.168.2.1, end 192.168.2.254
> >
> > A site-to-site VPN between both Sonicwall TZ170 connects the Remote Office
> > to the Main Office. All four PCs at the Remote Office authenticate across
> > the VPN to the Windows Server 2003 domain controller. At the Remote Office,
> > DNS is resolving to the domain controller across the VPN.
> >
> > Issue:
> >
> > All users use a Windows-based application that connects to a database on
> > the Windows Server 2003 domain controller.
> >
> > There are not any performance issues in the Main Office. There are
> > performance issues with clients accessing the database and copying/opening
> > files from the server to the client PC over the VPN from the Remote Office.
> > We ran a packet trace (netcap.exe on a Windows XP SP2 PC at the Remote
> > Office and netmon.exe on the Windows Server 2003 domain controller) while
> > copying a 12.7MB file from the server to the client PC. What we found is
> > that the client PC at the Remote Office is repeatedly sending ACKs across
> > the VPN tunnel to the domain controller and the domain controller is yet
> > the domain controller is repeatedly sending ACKs across the VPN tunnel to
> > the client PC.
> >
> >
> > We do not know what's causing this issue. Sonicwall states that there's
> > nothing wrong with their hardware or the VPN tunnel itself.
> >
> > Does anyone have any ideas?
> >
> > Thanks in advance!!
> >
> > Rob
> >
> > PS - I can send the packet trace capture files if needed. Just let me
> > know.
>
>
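
Added example, not part of the thread: the per-packet cost of the quoted tunnel settings (ESP DES HMAC MD5, WAN MTU 1404), showing the largest inner packet and TCP MSS that cross the tunnel unfragmented. It assumes tunnel-mode ESP over IPv4 without NAT traversal, an 8-byte DES-CBC IV, a 96-bit truncated HMAC and 1500-byte LAN frames; an AES-CBC/HMAC-SHA1 transform is included for comparison and is not from the post.

```python
"""ESP tunnel-mode overhead for the settings quoted in the post (added example)."""
from dataclasses import dataclass

OUTER_IPV4 = 20     # outer IPv4 header, no options (assumption)
ESP_HEADER = 8      # SPI (4) + sequence number (4)
ESP_TRAILER = 2     # pad length (1) + next header (1)
INNER_IP_TCP = 40   # inner IPv4 (20) + TCP (20), no options (assumption)

@dataclass(frozen=True)
class Transform:
    name: str
    block: int  # cipher block size; plaintext is padded to a multiple of it
    iv: int     # explicit IV carried in every packet
    icv: int    # truncated integrity check value appended to every packet

DES_MD5 = Transform("ESP DES HMAC MD5", block=8, iv=8, icv=12)         # as posted
AES_SHA1 = Transform("ESP AES-CBC HMAC SHA1", block=16, iv=16, icv=12)  # comparison only

def esp_packet_size(inner_len, t):
    """On-the-wire size of one inner IP packet after tunnel-mode ESP."""
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block
    return OUTER_IPV4 + ESP_HEADER + t.iv + padded + t.icv

def max_inner_packet(wan_mtu, t):
    """Largest inner IP packet whose ESP packet still fits in wan_mtu."""
    room = wan_mtu - OUTER_IPV4 - ESP_HEADER - t.iv - t.icv
    return (room // t.block) * t.block - ESP_TRAILER

def max_tcp_mss(wan_mtu, t):
    """Largest TCP segment payload that avoids fragmenting the ESP packet."""
    return max_inner_packet(wan_mtu, t) - INNER_IP_TCP

def fragments_needed(inner_len, wan_mtu, t):
    """Number of outer IPv4 fragments the encapsulated packet is split into."""
    size = esp_packet_size(inner_len, t)
    if size <= wan_mtu:
        return 1
    per_frag = (wan_mtu - OUTER_IPV4) // 8 * 8  # fragment payloads are 8-byte aligned
    return -(-(size - OUTER_IPV4) // per_frag)

if __name__ == "__main__":
    WAN_MTU = 1404  # value from the posted Sonicwall settings
    for t in (DES_MD5, AES_SHA1):
        print(f"{t.name}: max inner packet {max_inner_packet(WAN_MTU, t)}, "
              f"max TCP MSS {max_tcp_mss(WAN_MTU, t)}, "
              f"1500-byte packet -> {esp_packet_size(1500, t)} bytes in "
              f"{fragments_needed(1500, WAN_MTU, t)} fragment(s)")
```

With the posted values, any inner packet larger than 1350 bytes produces an ESP packet above the 1404-byte WAN MTU, so the "Fragment outbound packets larger than WAN MTU" setting comes into play for full-size LAN frames.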


