Solved

Long ping time to workstation from VPN tunnel

Posted on 2006-11-06
6
352 Views
Last Modified: 2009-12-16
I have a workstation that is serving a hotel database.  I can ping other machines through the firewall via the VPN tunnel and get response times of around 20-50ms.  However, the machine in question gives me times around 1400-1500ms with well over 50% packet loss.  if I ping the workstation with the local firewall I get 1ms response times.  If I connect up to the firewall via the Linksys QuickVPN client I get response times around 30-50ms with almost no packets lost.  For some reason, the site-to-site VPN tunnel takes a LONG time to return a ping on this one station.  The long response times makes serving the database almost impossible.

Here is some more background on the network:
 - Peer to Peer.
 - Two Gateways exist: First is central reservations satellite connection: 172.18.151.80/28 GW 172.18.151.94.  Second is internet connection on Linksys RV082: 172.18.151.80/28 GW 172.18.151.81.
 - both gatway routers are connected to same switch.

Here is some on the workstation:
 - First network card is connected to switch and is setup with the satellite as the gateway and is configured with an IP of 172.18.151.92 SN 255.255.255.240  GW 172.18.151.94.  
 - Second network card is connected to switch and is setup with the internet firewall as the gateway and is confugured with an IP of 172.18.151.82 SN 255.255.255.240 GW 172.18.151.81.

I am pretty sure it is the routing between this workstation and both gateways is the culprit but I am not too sure on how to proceede.

Any suggestions?



0
Comment
Question by:Field Marshall Bob
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:jekl2000
ID: 17884845
Have you tried a tracert xxx.xxx.xxx.xxx on one of the good and the bad?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 17885234
You do not need two gateways, and this is probably the source of your problem. You only need a gateway on the NIC that will be used to route to IPs that are not on your local network - this would be anything outside the 172.18.151.80/28 subnet.  So, remove the gateway setting from the NIC connected to your satellite connection and leave the one on your Internet connection.  That should resolve your issue.

Hope this helps!
0
 
LVL 1

Author Comment

by:Field Marshall Bob
ID: 17907850
I apologize for not getting back quicker.  I've been out at another site.  You know how it is being a one-man show.

hypercat - I removed the gateway on the NIC attached to the satellite side and our database stopped talking to central reservations so I had to put it back.

jekl2000 - I tried tracert and the packets are going through the satellite instead of the VPN tunnel. This would explain the lossy packets and long response times.  Plus, I think there are way over 50 nodes on this route.  Ewwww. . .

So I think there are only 2 options:
1.  Block this route locally.  I think this would have to be done on the other end of the tunnel from the machine in question.  Probably both sides . . .
2.  Block this route on the satellite boxes.  Both sites have the same satellite setup so I think I can have them exclude the routes to the local network.

What do you guys think?

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 17907909
I'm not sure about excluding routes.  How would you go about doing this?  What I would try  would be to use a static route on the client side for the connection to your database server.  This would allow you to leave the single gateway on the Internet side and have a static route to the satellite side.  It is simpler and "should" work :-)

Hope this helps!
0
 
LVL 1

Author Comment

by:Field Marshall Bob
ID: 17916114
I wasn't sure about excluding routes either.  I was hoping one of you guys had a way of doing it.  
0
 
LVL 1

Author Comment

by:Field Marshall Bob
ID: 17916142
The static route worked like a champ.  I noticed that there were about 1000 entries in the routing table.  I think the thing got all mucked up and went with the default gateway which was the satellite.  by clearing it (route -f) and adding the local subnet as a route everything worked perfectly.  Thanks!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ospf neighbors not coming up 6 59
How to read network slash info 7 48
Multiple MPLS Circuits Connecting to LAN 3 43
2960 not recognizing subinterface configuraton of 5510 11 31
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question