How to speed up VPN connection #2

Posted on 2007-08-10
Last Modified: 2013-11-16
To connect to all the files on the corporate network, including a large database application, and work from home, I have the following on the notebook.

1. Toshiba notebook: Pentium III chip, 996 MHz, 768 MB RAM
2. SMC Networks EZ Networking EZ Card 10/100 ("allows notebook user to connect to Ethernet or Fast Ethernet networks at 10 Mbps or 100 Mbps. Full-duplex support doubles the data rate to 200 Mbps... 16-bit PCI bus...")
3. Cable internet with 8 Mbps down and 768 kbps up.
4. Watchguard VPN program.

Corporate site:
1. Watchguard VPN and firewall.
2. T1 going out to internet (and me)
3. Windows 2000 (not 2003)

It is too slow. See my previous question for some answers to this question, such as using terminal services or remote pc. The corporate sysadmin says no to TLS/SSL based authentication because we don't have Windows 2003, and anyway the method protects servers, but not the network.

It has been suggested by the corporate sysadmin that if I had a Watchguard device at home, thus moving the VPN logic and encryption onto a dedicated hardware device, I might speed things up.

What say you to that?
Question by:pickwick-systems
    LVL 32

    Expert Comment

    Having a specialized device with a built-in VPN accelerator would definitely help speed up the VPN connection. On the current connection, reducing the encryption from AES-256 to 3DES can also help speed up the connection.
    One more, comparatively less secure, way is to use a PPTP VPN tunnel rather than a MUVPN (IPSec) VPN tunnel.

    You might also want to look at the current upload speed of 768 kbps, which looks dwarfed when compared with your download speed of 8 Mbps.

    Thank you.
    LVL 36

    Expert Comment

    How fast is a terminal services connection?

    You refer to a database application. I assume it is making database calls over the VPN?
    A lot of database applications make lots of very small queries to the database, and in these situations it is the packet delay between the client and the server which slows down the application. If this is what is causing you the problem, then there is very little you can do other than get the software author to improve the efficiency of the database application, by making more use of stored procedures, for example.
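
Added example, not part of the original thread: a small timing model of the point made in the comment above, comparing many small sequential queries with one batched call over the links described in the question. The 60 ms round-trip time, the query count and the message sizes are assumptions chosen for illustration.

```python
# Added illustration. RTT, query count and message sizes are assumed values,
# not measurements from the thread; link rates are the ones quoted in the question.
from dataclasses import dataclass

T1_BPS = 1_544_000          # corporate T1 line rate
CABLE_UP_BPS = 768_000      # home cable upstream (from the question)
CABLE_DOWN_BPS = 8_000_000  # home cable downstream (from the question)


@dataclass
class Path:
    rtt_s: float     # round-trip time through the tunnel (assumed)
    up_bps: float    # client -> server bottleneck rate
    down_bps: float  # server -> client bottleneck rate


def exchange_time(path, req_bytes, resp_bytes):
    """One request/response: a full round trip plus serialization each way."""
    return path.rtt_s + req_bytes * 8 / path.up_bps + resp_bytes * 8 / path.down_bps


def workload_time(path, exchanges):
    """Sequential exchanges: each request waits for the previous reply."""
    return sum(exchange_time(path, q, r) for q, r in exchanges)


def latency_share(path, exchanges):
    """Fraction of total time spent waiting on round trips."""
    return len(exchanges) * path.rtt_s / workload_time(path, exchanges)


# The slower end of each direction sets the rate: the T1 caps the download.
HOME = Path(0.060, min(CABLE_UP_BPS, T1_BPS), min(CABLE_DOWN_BPS, T1_BPS))
DOUBLED = Path(0.060, HOME.up_bps * 2, HOME.down_bps * 2)

CHATTY = [(200, 500)] * 2000      # 2000 small queries, one row each (constructed)
BATCHED = [(200, 500 * 2000)]     # one stored-procedure call returning all rows

if __name__ == "__main__":
    for name, path in (("current links", HOME), ("2x bandwidth", DOUBLED)):
        print(f"{name}: chatty {workload_time(path, CHATTY):.1f}s "
              f"({latency_share(path, CHATTY):.0%} latency), "
              f"batched {workload_time(path, BATCHED):.1f}s")
```

Under these assumptions the chatty workload stays above two minutes even with twice the bandwidth, because round trips account for over 90% of the time.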

    Author Comment

    dpk_wal: I'm looking for a solution that will give me access to the network from home at a speed that is comparable to my in-office access speed - a couple of seconds to open a file in Word, for example. Currently this takes 5 minutes from home. Would installing a T1 make this happen in seconds?  Would reduced encryption make it that fast?

    Author Comment

    grblades: My access is extremely slow even if I'm just browsing the drives to locate a file and open it with the notepad. It's not just the database.
    LVL 32

    Accepted Solution

    Having a faster internet connection like T1 would help for sure; I cannot assure you that you would be able to open a Word document in 2 seconds; however, I can assure you it would not take 5 minutes. You would observe latency, but the latency would not hamper your work.

    If you wish to go for T1 and a hardware firewall for VPN acceleration, then you can configure a Branch Office VPN [BOVPN] instead of a remote user VPN; in this case, as the firewall would do hardware acceleration for the VPN, the latency would be even lower.
    However, I would suggest you check with your sysadmin whether they would actually configure a site-to-site or BOVPN for you; if they don't, then the firewall with VPN acceleration would not help.

    I would like to ask whether you are making a split tunnel from your home to the office or a default-route VPN tunnel; because with a default route, all traffic, even traffic that does not need to, is unnecessarily going over the VPN. Configuring a split tunnel would help, as the amount of traffic going over the tunnel, and hence getting encrypted/decrypted, would be reduced, and this would speed things up.

    I would also like to check that your machine is not affected by malware/spyware/virus etc., as this would again ensure unnecessary traffic would not be routed over the VPN tunnel.

    The final thing that I need to check is: do you use your local machine [the one which acts as client for the VPN tunnel] for communication, OR do you just remote desktop to your work PC from your local machine and then do the work? The reason I ask is that if it is a remote connection, then only RDP traffic flows over the VPN tunnel, and all the database queries and other connections go over your office network only.

    Please advise.

    Thank you.
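
Added example, not part of the original thread: how the client's routing table decides which destinations enter the tunnel under a default-route VPN versus a split tunnel, using longest-prefix matching. The interface names, the corporate prefix `10.10.0.0/16`, the home LAN and every address below are constructed for illustration.

```python
# Added illustration; all prefixes, addresses and interface names are constructed.
import ipaddress


def select_route(routes, dest):
    """Return the interface for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, -metric, iface)
               for net, iface, metric in routes if addr in net]
    if not matches:
        raise LookupError(f"no route to {dest}")
    return max(matches)[2]


def tunnelled(routes, dests, tunnel_iface="vpn"):
    """Destinations whose traffic would be encrypted and sent over the tunnel."""
    return [d for d in dests if select_route(routes, d) == tunnel_iface]


def table(*rows):
    """Build a routing table from (prefix, interface, metric) rows."""
    return [(ipaddress.ip_network(p), iface, metric) for p, iface, metric in rows]


# Default-route VPN: a low-metric default via the tunnel captures everything
# except the home LAN and the host route to the VPN gateway itself.
FULL_TUNNEL = table(
    ("0.0.0.0/0", "vpn", 1),
    ("0.0.0.0/0", "lan", 20),
    ("192.168.1.0/24", "lan", 1),
    ("203.0.113.10/32", "lan", 1),   # VPN gateway must stay outside the tunnel
)

# Split tunnel: only the corporate prefix is routed into the tunnel.
SPLIT_TUNNEL = table(
    ("0.0.0.0/0", "lan", 20),
    ("10.10.0.0/16", "vpn", 1),
    ("192.168.1.0/24", "lan", 1),
)

DESTS = ["10.10.5.20",     # corporate file server
         "198.51.100.7",   # public web site
         "192.168.1.50",   # home printer
         "203.0.113.10"]   # VPN gateway

if __name__ == "__main__":
    print("default-route VPN:", tunnelled(FULL_TUNNEL, DESTS))
    print("split tunnel:     ", tunnelled(SPLIT_TUNNEL, DESTS))
```

With the split-tunnel table, the public web site is reached directly from the home connection and no longer passes through the corporate firewall, which is something to confirm with the sysadmin before changing the policy.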

    Author Comment

    1. Do you use your local machine [the one which acts as client for VPN tunnel] for communication OR you just remote desktop to your work PC: I do not remote desktop to my PC. The notebook that I use at home is the same one I use in the office.

    2. Make sure your machine is not affected with malware/spyware/virus etc.: It isn't. It has all the protections of any other PC on the office network, because that's where it is usually docked.

    I am unable to answer the other questions myself. I'll have to wait until Monday to ask the sysadmin.
    Thanks for your help.

    Author Comment

    The sysadmin feels that gotomypc is secure enough. I just tested it, and it is much, much faster than the VPN setup. I'm going to use it for now.
