Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Long ping time to workstation from VPN tunnel

Posted on 2006-11-06
6
Medium Priority
?
359 Views
Last Modified: 2009-12-16
I have a workstation that is serving a hotel database.  I can ping other machines through the firewall via the VPN tunnel and get response times of around 20-50ms.  However, the machine in question gives me times around 1400-1500ms with well over 50% packet loss.  if I ping the workstation with the local firewall I get 1ms response times.  If I connect up to the firewall via the Linksys QuickVPN client I get response times around 30-50ms with almost no packets lost.  For some reason, the site-to-site VPN tunnel takes a LONG time to return a ping on this one station.  The long response times makes serving the database almost impossible.

Here is some more background on the network:
 - Peer to Peer.
 - Two Gateways exist: First is central reservations satellite connection: 172.18.151.80/28 GW 172.18.151.94.  Second is internet connection on Linksys RV082: 172.18.151.80/28 GW 172.18.151.81.
 - both gatway routers are connected to same switch.

Here is some on the workstation:
 - First network card is connected to switch and is setup with the satellite as the gateway and is configured with an IP of 172.18.151.92 SN 255.255.255.240  GW 172.18.151.94.  
 - Second network card is connected to switch and is setup with the internet firewall as the gateway and is confugured with an IP of 172.18.151.82 SN 255.255.255.240 GW 172.18.151.81.

I am pretty sure it is the routing between this workstation and both gateways is the culprit but I am not too sure on how to proceede.

Any suggestions?



0
Comment
Question by:Field Marshall Bob
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:jekl2000
ID: 17884845
Have you tried a tracert xxx.xxx.xxx.xxx on one of the good and the bad?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 17885234
You do not need two gateways, and this is probably the source of your problem. You only need a gateway on the NIC that will be used to route to IPs that are not on your local network - this would be anything outside the 172.18.151.80/28 subnet.  So, remove the gateway setting from the NIC connected to your satellite connection and leave the one on your Internet connection.  That should resolve your issue.

Hope this helps!
0
 
LVL 1

Author Comment

by:Field Marshall Bob
ID: 17907850
I apologize for not getting back quicker.  I've been out at another site.  You know how it is being a one-man show.

hypercat - I removed the gateway on the NIC attached to the satellite side and our database stopped talking to central reservations so I had to put it back.

jekl2000 - I tried tracert and the packets are going through the satellite instead of the VPN tunnel. This would explain the lossy packets and long response times.  Plus, I think there are way over 50 nodes on this route.  Ewwww. . .

So I think there are only 2 options:
1.  Block this route locally.  I think this would have to be done on the other end of the tunnel from the machine in question.  Probably both sides . . .
2.  Block this route on the satellite boxes.  Both sites have the same satellite setup so I think I can have them exclude the routes to the local network.

What do you guys think?

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 2000 total points
ID: 17907909
I'm not sure about excluding routes.  How would you go about doing this?  What I would try  would be to use a static route on the client side for the connection to your database server.  This would allow you to leave the single gateway on the Internet side and have a static route to the satellite side.  It is simpler and "should" work :-)

Hope this helps!
0
 
LVL 1

Author Comment

by:Field Marshall Bob
ID: 17916114
I wasn't sure about excluding routes either.  I was hoping one of you guys had a way of doing it.  
0
 
LVL 1

Author Comment

by:Field Marshall Bob
ID: 17916142
The static route worked like a champ.  I noticed that there were about 1000 entries in the routing table.  I think the thing got all mucked up and went with the default gateway which was the satellite.  by clearing it (route -f) and adding the local subnet as a route everything worked perfectly.  Thanks!
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question