Long ping time to workstation from VPN tunnel

I have a workstation that is serving a hotel database.  I can ping other machines through the firewall via the VPN tunnel and get response times of around 20-50ms.  However, the machine in question gives me times around 1400-1500ms with well over 50% packet loss.  If I ping the workstation with the local firewall I get 1ms response times.  If I connect up to the firewall via the Linksys QuickVPN client I get response times around 30-50ms with almost no packets lost.  For some reason, the site-to-site VPN tunnel takes a LONG time to return a ping on this one station.  The long response times make serving the database almost impossible.

Here is some more background on the network:
 - Peer to Peer.
 - Two Gateways exist: First is central reservations satellite connection: 172.18.151.80/28 GW 172.18.151.94.  Second is internet connection on Linksys RV082: 172.18.151.80/28 GW 172.18.151.81.
 - Both gateway routers are connected to the same switch.

Here is some information on the workstation:
 - First network card is connected to the switch and is set up with the satellite as the gateway and is configured with an IP of 172.18.151.92 SN 255.255.255.240 GW 172.18.151.94.
 - Second network card is connected to the switch and is set up with the internet firewall as the gateway and is configured with an IP of 172.18.151.82 SN 255.255.255.240 GW 172.18.151.81.

I am pretty sure the routing between this workstation and both gateways is the culprit, but I am not too sure how to proceed.

Any suggestions?



Field Marshall Bob Asked:
Hypercat (Deb) Commented:
I'm not sure about excluding routes.  How would you go about doing this?  What I would try would be to use a static route on the client side for the connection to your database server.  This would allow you to leave the single gateway on the Internet side and have a static route to the satellite side.  It is simpler and "should" work :-)

Hope this helps!
 
jekl2000 Commented:
Have you tried a tracert xxx.xxx.xxx.xxx on one of the good and the bad?
 
Hypercat (Deb) Commented:
You do not need two gateways, and this is probably the source of your problem. You only need a gateway on the NIC that will be used to route to IPs that are not on your local network - this would be anything outside the 172.18.151.80/28 subnet.  So, remove the gateway setting from the NIC connected to your satellite connection and leave the one on your Internet connection.  That should resolve your issue.

Hope this helps!
 
Field Marshall Bob (Author) Commented:
I apologize for not getting back quicker.  I've been out at another site.  You know how it is being a one-man show.

hypercat - I removed the gateway on the NIC attached to the satellite side and our database stopped talking to central reservations so I had to put it back.

jekl2000 - I tried tracert and the packets are going through the satellite instead of the VPN tunnel. This would explain the lossy packets and long response times.  Plus, I think there are way over 50 nodes on this route.  Ewwww. . .

So I think there are only 2 options:
1.  Block this route locally.  I think this would have to be done on the other end of the tunnel from the machine in question.  Probably both sides . . .
2.  Block this route on the satellite boxes.  Both sites have the same satellite setup so I think I can have them exclude the routes to the local network.

What do you guys think?

 
Field Marshall Bob (Author) Commented:
I wasn't sure about excluding routes either.  I was hoping one of you guys had a way of doing it.  
 
Field Marshall Bob (Author) Commented:
The static route worked like a champ.  I noticed that there were about 1000 entries in the routing table.  I think the thing got all mucked up and went with the default gateway which was the satellite.  By clearing it (route -f) and adding the local subnet as a route everything worked perfectly.  Thanks!
Question has a verified solution.
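
The following is an added example, not code posted by anyone in the thread. It models the workstation's route selection (longest prefix first, then lowest metric) to show why two default gateways sent VPN replies over the satellite link and why a static route fixes that without breaking central reservations. The remote site subnet 192.168.50.0/24, the central reservations address 10.1.1.1 and all metrics are constructed assumptions; only the 172.18.151.x addresses come from the thread.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str          # "on-link" means directly connected
    metric: int

SATELLITE_GW = "172.18.151.94"   # from the thread
RV082_GW = "172.18.151.81"       # from the thread
LOCAL_NET = ipaddress.ip_network("172.18.151.80/28")
# Constructed placeholder: the thread never gives the remote VPN subnet.
REMOTE_SITE = ipaddress.ip_network("192.168.50.0/24")

def select_route(table, dst: str) -> Optional[Route]:
    """Pick the most specific matching route; break ties on lowest metric."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.dest]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.dest.prefixlen, r.metric))

def next_hop(table, dst: str) -> Optional[str]:
    route = select_route(table, dst)
    return route.gateway if route else None

def workstation_table():
    """Two NICs on one subnet, each with its own default gateway.
    Metrics are assumed; here the satellite default happens to win."""
    default = ipaddress.ip_network("0.0.0.0/0")
    return [
        Route(LOCAL_NET, "on-link", 10),
        Route(default, SATELLITE_GW, 10),
        Route(default, RV082_GW, 20),
    ]

def with_static_route(table):
    """Add a more specific route so VPN replies leave via the RV082."""
    return table + [Route(REMOTE_SITE, RV082_GW, 1)]

if __name__ == "__main__":
    before = workstation_table()
    after = with_static_route(before)
    for label, table in (("before", before), ("after", after)):
        for dst in ("192.168.50.10", "10.1.1.1", "172.18.151.81"):
            print(f"{label:6} {dst:15} -> {next_hop(table, dst)}")
```

On the workstation itself the equivalent change is a `route add` entry for the remote site's real subnet with 172.18.151.81 as the gateway.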