How do I diagnose a sudden drop in VPN performance?

We have 7 sites in town connected by VPN to our main network. They have all been working for months and have given reasonable performance. Last Thursday they all started complaining that it was taking minutes to open Word docs, everything is slow as death, etc. What do I look for?

What baffles me is that I go to a remote site and ping our server, and 90% of the time I get ping times of low 20's (ms), which I think is quite good! During file transfer times, I see pings of say 200 - 300 ms.

Clients are NT - W2K - XP
Each remote site has 1 or 2 PCs, one has 6 PCs

Sites all served by Adelphia cable modem and Cisco PIX 501
Main site Adelphia cable modem and PIX 506

Main network is Win 2000  with 3 Servers, 130 PCs
File access speed on main network is unchanged, and excellent

I don't know of any changes or events coincident with the problem onset.

Appreciate tips on what to look for in diagnosing this.


Who is Participating?
sohaibfaruqConnect With a Mentor Commented:
bandwidth can be one.

VPN aggregator should also be checked for CPU and RAM utilization.

Also check the server where all these documents are placed.

Hope it helps...

looks like a bandwidth problem, do you know what is the actual bandwidth you are getting between your head office and remote sites? if problems happened on all remote sites, I would check head office bandwidth usage during peak hour.
It sounds like bandwidth but there are other problems that come out under load.  
Check your interface packet counters for errors, drops or high queue levels.
Sometimes an interface speed or duplex mismatch will work happily under light loads but slow to a crawl under load.  

The change seems sudden:
There could also be a worm on the network that is eating your bandwidth.  
Fragmentation may also be an issue - this could result from a change on the server interfaces or even a server reboot after updates etc.   Put a little hub between the PIX 506 and the modem and sniff the traffic there.  Sniff inside the network to look for retranmissions, ICMP unreachables etc. and check MTU sizes.
Lastly check with the ISP that they haven't done anything on their network.
Timing sounds like the outbreak of several nasty virus/worms over the past couple of weeks.
Take a quick look at each PIX 501 with "sho xlate" if you have to scroll through several pages of xlates with only one or two clients, especially if the destination address is sequential or specific to one host.. you might be able to pin it down this way.
cgunixAuthor Commented:
The problem was on the server, there was an error (cause unknown) in file replication setup. We used to have one remote server and replicate a few thousand files to it over the VPN. We stopped that a year ago, something got changed just recently (the onset of the problem) and the server was generating a lot of unnecessary traffic - it didn't much affect our in-house subnet, but trashed all VPN connections. That's all I have for details now, am waiting for more info from our tech people who fixed it.

Thanks to all who replied

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.