Long ping time to workstation from VPN tunnel

I have a workstation that is serving a hotel database.  I can ping other machines through the firewall via the VPN tunnel and get response times of around 20-50ms.  However, the machine in question gives me times around 1400-1500ms with well over 50% packet loss.  If I ping the workstation with the local firewall I get 1ms response times.  If I connect up to the firewall via the Linksys QuickVPN client I get response times around 30-50ms with almost no packets lost.  For some reason, the site-to-site VPN tunnel takes a LONG time to return a ping on this one station.  The long response times make serving the database almost impossible.

Here is some more background on the network:
 - Peer to Peer.
 - Two Gateways exist: First is central reservations satellite connection: 172.18.151.80/28 GW 172.18.151.94.  Second is internet connection on Linksys RV082: 172.18.151.80/28 GW 172.18.151.81.
 - Both gateway routers are connected to the same switch.

Here is some information on the workstation:
 - First network card is connected to switch and is set up with the satellite as the gateway and is configured with an IP of 172.18.151.92 SN 255.255.255.240 GW 172.18.151.94.
 - Second network card is connected to switch and is set up with the internet firewall as the gateway and is configured with an IP of 172.18.151.82 SN 255.255.255.240 GW 172.18.151.81.

I am pretty sure the routing between this workstation and both gateways is the culprit, but I am not too sure how to proceed.

Any suggestions?



Field Marshall Bob Asked:
 
Hypercat (Deb) Commented:
I'm not sure about excluding routes.  How would you go about doing this?  What I would try  would be to use a static route on the client side for the connection to your database server.  This would allow you to leave the single gateway on the Internet side and have a static route to the satellite side.  It is simpler and "should" work :-)

Hope this helps!
 
jekl2000 Commented:
Have you tried a tracert xxx.xxx.xxx.xxx on one of the good and the bad?
 
Hypercat (Deb) Commented:
You do not need two gateways, and this is probably the source of your problem. You only need a gateway on the NIC that will be used to route to IPs that are not on your local network - this would be anything outside the 172.18.151.80/28 subnet.  So, remove the gateway setting from the NIC connected to your satellite connection and leave the one on your Internet connection.  That should resolve your issue.

Hope this helps!
 
Field Marshall Bob (Author) Commented:
I apologize for not getting back quicker.  I've been out at another site.  You know how it is being a one-man show.

hypercat - I removed the gateway on the NIC attached to the satellite side and our database stopped talking to central reservations so I had to put it back.

jekl2000 - I tried tracert and the packets are going through the satellite instead of the VPN tunnel. This would explain the lossy packets and long response times.  Plus, I think there are way over 50 nodes on this route.  Ewwww. . .

So I think there are only 2 options:
1.  Block this route locally.  I think this would have to be done on the other end of the tunnel from the machine in question.  Probably both sides . . .
2.  Block this route on the satellite boxes.  Both sites have the same satellite setup so I think I can have them exclude the routes to the local network.

What do you guys think?

 
Field Marshall Bob (Author) Commented:
I wasn't sure about excluding routes either.  I was hoping one of you guys had a way of doing it.  
 
Field Marshall Bob (Author) Commented:
The static route worked like a champ.  I noticed that there were about 1000 entries in the routing table.  I think the thing got all mucked up and went with the default gateway which was the satellite.  By clearing it (route -f) and adding the local subnet as a route everything worked perfectly.  Thanks!
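
The routing behaviour discussed in this thread, as an added example that is not code from the thread or its participants: a small Python model of route selection (longest prefix first, then lowest metric) showing why replies to the VPN peer left via the satellite link instead of the tunnel, and how a single default gateway plus one static route separates the two paths. The two gateway addresses and the /28 come from the question; the remote prefixes, host addresses and metrics are constructed placeholders.

```python
import ipaddress

# Gateways and the /28 are from the thread. The remote prefix, the two remote
# hosts and all metrics are constructed placeholders for illustration.
SATELLITE_GW = "172.18.151.94"
RV082_GW = "172.18.151.81"
CENTRAL_RES_NET = "10.10.0.0/16"    # constructed: central reservations network
CENTRAL_RES_HOST = "10.10.4.20"     # constructed
REMOTE_VPN_HOST = "192.168.50.10"   # constructed: host at the far end of the tunnel

def pick_route(table, dest):
    """Return (gateway, prefix) for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), gw, metric)
               for p, gw, metric in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, gw, _ = min(matches, key=lambda m: (-m[0].prefixlen, m[2]))
    return gw, str(net)

# Before: a default gateway on each NIC. Both 0.0.0.0/0 routes match every
# off-subnet destination, so the metric alone decides; here the satellite wins.
BEFORE = [
    ("172.18.151.80/28", "on-link", 1),
    ("0.0.0.0/0", SATELLITE_GW, 10),
    ("0.0.0.0/0", RV082_GW, 20),
]

# After: one default gateway (the RV082) plus a static route that sends only
# the central reservations prefix to the satellite router.
AFTER = [
    ("172.18.151.80/28", "on-link", 1),
    ("0.0.0.0/0", RV082_GW, 10),
    (CENTRAL_RES_NET, SATELLITE_GW, 10),
]

def report():
    """Chosen gateway for each sample destination under both tables."""
    rows = []
    for name, table in (("before", BEFORE), ("after", AFTER)):
        for dest in (REMOTE_VPN_HOST, CENTRAL_RES_HOST, "172.18.151.82"):
            rows.append((name, dest, pick_route(table, dest)[0]))
    return rows

if __name__ == "__main__":
    for name, dest, gw in report():
        print(f"{name:6} {dest:15} -> {gw}")
```

On the real workstation, `route print` shows the table being modelled here and `tracert` to the remote host confirms which gateway is actually used.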