Solved

Long ping time to workstation from VPN tunnel

Posted on 2006-11-06
Last Modified: 2009-12-16
I have a workstation that is serving a hotel database.  I can ping other machines through the firewall via the VPN tunnel and get response times of around 20-50ms.  However, the machine in question gives me times around 1400-1500ms with well over 50% packet loss.  If I ping the workstation with the local firewall I get 1ms response times.  If I connect up to the firewall via the Linksys QuickVPN client I get response times around 30-50ms with almost no packets lost.  For some reason, the site-to-site VPN tunnel takes a LONG time to return a ping on this one station.  The long response times make serving the database almost impossible.

Here is some more background on the network:
 - Peer to Peer.
 - Two Gateways exist: First is central reservations satellite connection: 172.18.151.80/28 GW 172.18.151.94.  Second is internet connection on Linksys RV082: 172.18.151.80/28 GW 172.18.151.81.
 - Both gateway routers are connected to the same switch.

Here is some on the workstation:
 - First network card is connected to switch and is setup with the satellite as the gateway and is configured with an IP of 172.18.151.92 SN 255.255.255.240  GW 172.18.151.94.  
 - Second network card is connected to switch and is setup with the internet firewall as the gateway and is configured with an IP of 172.18.151.82 SN 255.255.255.240 GW 172.18.151.81.

I am pretty sure the routing between this workstation and both gateways is the culprit, but I am not too sure how to proceed.

Any suggestions?



Question by:Field Marshall Bob
 
LVL 11

Expert Comment

by:jekl2000
ID: 17884845
Have you tried a tracert xxx.xxx.xxx.xxx on one of the good and the bad?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 17885234
You do not need two gateways, and this is probably the source of your problem. You only need a gateway on the NIC that will be used to route to IPs that are not on your local network - this would be anything outside the 172.18.151.80/28 subnet.  So, remove the gateway setting from the NIC connected to your satellite connection and leave the one on your Internet connection.  That should resolve your issue.

Hope this helps!
0
 
LVL 1

Author Comment

by:Field Marshall Bob
ID: 17907850
I apologize for not getting back quicker.  I've been out at another site.  You know how it is being a one-man show.

hypercat - I removed the gateway on the NIC attached to the satellite side and our database stopped talking to central reservations so I had to put it back.

jekl2000 - I tried tracert and the packets are going through the satellite instead of the VPN tunnel. This would explain the lossy packets and long response times.  Plus, I think there are way over 50 nodes on this route.  Ewwww. . .

So I think there are only 2 options:
1.  Block this route locally.  I think this would have to be done on the other end of the tunnel from the machine in question.  Probably both sides . . .
2.  Block this route on the satellite boxes.  Both sites have the same satellite setup so I think I can have them exclude the routes to the local network.

What do you guys think?

0

 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 2000 total points
ID: 17907909
I'm not sure about excluding routes.  How would you go about doing this?  What I would try  would be to use a static route on the client side for the connection to your database server.  This would allow you to leave the single gateway on the Internet side and have a static route to the satellite side.  It is simpler and "should" work :-)

Hope this helps!
0
 
LVL 1

Author Comment

by:Field Marshall Bob
ID: 17916114
I wasn't sure about excluding routes either.  I was hoping one of you guys had a way of doing it.  
0
 
LVL 1

Author Comment

by:Field Marshall Bob
ID: 17916142
The static route worked like a champ.  I noticed that there were about 1000 entries in the routing table.  I think the thing got all mucked up and went with the default gateway which was the satellite.  By clearing it (route -f) and adding the local subnet as a route everything worked perfectly.  Thanks!
0
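
The route selection discussed in this thread, modelled as an added example (not code from any poster): it compares the workstation's next hop with two default gateways, with only the Internet gateway, and with the accepted answer's static route. The central reservations network, the remote VPN host and the route metrics are constructed placeholders; only the 172.18.151.x addresses come from the thread.

```python
import ipaddress

LOCAL_NET = "172.18.151.80/28"      # from the thread
SAT_GW = "172.18.151.94"            # satellite (central reservations) gateway
INET_GW = "172.18.151.81"           # Linksys RV082, terminates the VPN tunnel
CENTRAL_RES_NET = "10.200.0.0/16"   # constructed placeholder, not from the thread
CENTRAL_RES_HOST = "10.200.1.5"     # constructed placeholder
REMOTE_VPN_HOST = "192.168.50.10"   # constructed placeholder (far side of tunnel)


def route(net, gateway, metric):
    """Build one routing-table entry: (network, gateway, metric)."""
    return (ipaddress.ip_network(net), gateway, metric)


def next_hop(table, dest):
    """Longest matching prefix wins; ties go to the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r[0].prefixlen, r[2]))
    return best[1]


ON_LINK = route(LOCAL_NET, "on-link", 1)

# Original setup: a default gateway on each NIC. Metrics are assumed; the
# satellite default gets the lower one to match the tracert result reported.
TWO_GATEWAYS = [ON_LINK, route("0.0.0.0/0", SAT_GW, 10),
                route("0.0.0.0/0", INET_GW, 20)]

# First suggestion as tried: satellite gateway removed, nothing else added.
ONE_GATEWAY = [ON_LINK, route("0.0.0.0/0", INET_GW, 20)]

# Accepted solution: one default gateway plus a static route to the
# central reservations network through the satellite gateway.
STATIC_ROUTE = ONE_GATEWAY + [route(CENTRAL_RES_NET, SAT_GW, 1)]


def summarize(table):
    """Next hop for a VPN ping reply, central reservations, and a LAN peer."""
    return {"vpn_reply": next_hop(table, REMOTE_VPN_HOST),
            "central_res": next_hop(table, CENTRAL_RES_HOST),
            "local_peer": next_hop(table, "172.18.151.85")}


if __name__ == "__main__":
    for name, table in [("two gateways", TWO_GATEWAYS),
                        ("one gateway", ONE_GATEWAY),
                        ("static route", STATIC_ROUTE)]:
        print(name, summarize(table))
```

Only the third table sends replies to the VPN peer through the RV082 while keeping central reservations traffic on the satellite link.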
