[Webinar] Learn how to a build a cloud-first strategyRegister Now


How to speed up VPN connection #2

Posted on 2007-08-10
Medium Priority
Last Modified: 2013-11-16
To connect to a all the files on corporate network, including a large database application, and work from home, I have the following on the notebook.

1. Toshiba notebook: Pentium III chip, 996 Mhz, 768mb Ram
2. SMC Networks EZ Networking EZ Card 10/100 ("allows notebook user to connect to Ethernet or Fast Ethernet networks at 10 Mbps or 100Mbps. Full-duplex support doubles the data rate to 200 Mbps... 16-bit PCI bus...)
3. Cable internet with 8mbps down and 768kbps up.
4. Watchguard VPN program.

Corporate site:
1. Watchguard VPN and firewall.
2. T1 going out to internet (and me)
3. Windows 2000 (not 2003)

It is too slow. See my previous question for some answers to this question, such as using terminal services or remote pc. The corporate sysadmin says no to TLS/SSL based authentication because we don't have Windows 2003, and anyway the method protects servers, but not the network.

It has been suggested by the corporate sysadmin that if I had a Watchguard device at home, thus moving the VPN logic and encryption onto a dedicated hardware device, I might speed things up.

What say you to that?
Question by:pickwick-systems
  • 4
  • 2
LVL 32

Expert Comment

ID: 19671312
Having a specialized device which has VPN accelerator built-in would definitely help speed the VPN connection; on the current connection if you reduce the encryption from AES-256 to 3DES; this can also help speed up the connection.
One more comparatively less secure way is to use PPTP VPN tunnel rather than MUVPN (IPSec) VPN Tunnel.

You might also want to look at the current upload speed of 768 kbps which looks dwarf when compared with your download speed of 8 mbps.

Thank you.
LVL 36

Expert Comment

ID: 19671581
How fast is a terminal services connection?

You refer to a database application. I assume it is making database calls over the VPN?
A lot of database applications make lots of very small queries to the database and in these situations it is the packet delay between the client and the server which slows down the application. If this is what is causing you the problem then there is very little you can do other than get the software author to improve the efficiency of the database application by making more use of stored procedures for example.

Author Comment

ID: 19671668
dpk_wal: I'm looking for a solution that will give me access to the network from home at a speed that is comparable to my in-office access speed - a couple of seconds to open a file in Word, for example. Currently this takes 5 minutes from home. Would installing a T1 make this happen in seconds?  Would reduced encryption make it that fast?
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.


Author Comment

ID: 19671686
grblades: My access is extremely slow even if I'm just browsing the drives to locate a file and open it with the notepad. It's not just the database.
LVL 32

Accepted Solution

dpk_wal earned 600 total points
ID: 19674717
Having a faster internet connection like T1 would help for sure; I cannot assure you if you would be able to open a word document in 2 seconds; however, I can assure you it would not take 5 minutes. You would observe latency but the latency would not hamper your work.

If you wish to go for T1 and a hardware firewall for VPN acceleration then you can configure a Branch office VPN [BOVPN] instead of remote user VPN; in this case as the firewall would do hardware acceleration for VPN, the latency would be further low.
However, I would suggest you to check with your sysadmin if they would actually configure a site-site or BOVPN for you; if they don't then the firewall with VPN acceleration would not help.

I would like to ask if you are making a split tunnel from your home to office or are you making a default route VPN Tunnel; because if default route then even not needed entire traffic is unnecessarily going over the VPN. Configuring split tunnel would help as the amount of traffic going over the tunnel and hence getting encrypted/decrypted would reduce and hence speed up the things.

I would also like to check to make sure your machine is not affected with malware/spyware/virus etc., as this would again ensure unnecessary traffic would not be routed over the VPN tunnel.

Final thing that I need to check is: do you use your local machine [the one which acts as client for VPN tunnel] for communication OR you just remote desktop to your work PC from your local machine and then do the work. The reason I ask, is because if it is remote connection then only RDP traffic flows over VPN tunnel and all the database query and other connections go over your office network only.

Please advice.

Thank you.

Author Comment

ID: 19675382
1.do you use your local machine [the one which acts as client for VPN tunnel] for communication OR you just remote desktop to your work PC : I do not remote desktop to my pc. The notebook that I use at home is the same one I use in the office.

2. make sure your machine is not affected with malware/spyware/virus etc. It isn't. it has all the protections of any other pc on the office network, because that's where it is usually docked.

I am unable to answer the other questions myself. I'll have to wait until monday to ask the sysadmin.
Thanks for your help.

Author Comment

ID: 19710465
The sysadmin feels that gotomypc is secure enough. I just tested it, and it is much, much, fsster than the vpn setup. I'm going to use it for now.  

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question