itgroup1
asked on
VPN Concentrator Shows Low Tx/Rx rates.
I have a Cisco VPN Concentrator that remote users connect to/through so that they can use Network resources. There are usually 10-15 connections on any given day and they are sending and receiving data just fine. Every now and then, a connection will get terminated and at times a connection will be dog slow.
I can go to Administer Sessions to get statistics on who is connected, how long they have been connected, from where are they connected and can even ping the address to which they are assigned. When I get a 25ms return on the ping and see that they have enormous Tx/Rx rates, I know they have a solid connection.
I guess I have a couple of questions:
1) Why would several users at the same location have differences in connection, i.e. user 1,2 & 3 connects and is Tx/Rx fine and has the normal 25ms ping where user 4 connects and he is having all kinds of issues with the connection?
2) What "things" could cause this?
3) Is there a way to increase the throughput or "open the pipe" on the concentrator to make things faster?
I can go to Administer Sessions to get statistics on who is connected, how long they have been connected, from where are they connected and can even ping the address to which they are assigned. When I get a 25ms return on the ping and see that they have enormous Tx/Rx rates, I know they have a solid connection.
I guess I have a couple of questions:
1) Why would several users at the same location have differences in connection, i.e. user 1,2 & 3 connects and is Tx/Rx fine and has the normal 25ms ping where user 4 connects and he is having all kinds of issues with the connection?
2) What "things" could cause this?
3) Is there a way to increase the throughput or "open the pipe" on the concentrator to make things faster?
What type of VPN's are you using? Depending on the overhead for the connection, your pipe and the end users isp you could be dropping or incorrectly fragmenting packets.
ASKER
We are using a Cisco VPN 3000 Concentrator. We are using Cisco VPN Clients 4.*.*
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
1. All of your 4 users are at the same remote location using the same connection to the internet.
a. TRUE
2. They are all using the same version of the Cisco VPN Client
a. Most are using 4.8.02 but no they are not all the same. Concentrator.
3. They are all setup using the same Group in your VPN Concentrator.
a. Same group
4. They are all connecting to the same device/server/product on the other side of the VPN connection
a. Check your destination server and what is being run. It might be that the one having the problem is doing something different from the others. Good Point. I will check into it.
b. It might also be that the one having problems is using a protocol that is on a lower CoS (Class of Service) and there data is being dropped. Assuming that you are using CoS. I do not know or am not familiar with this concept (CoS). I will have to research this.
Are they having high cpu or hard disk usage on the client pc? Possibly issues with client PC.
We have no bandwidth Policies (config - policy management - traffic management - BW policies) applied on your interface, config - interfaces - "Bandwidth" tab. I will look into this.
Thank you, I will let you know what I find out.
/Sf
a. TRUE
2. They are all using the same version of the Cisco VPN Client
a. Most are using 4.8.02 but no they are not all the same. Concentrator.
3. They are all setup using the same Group in your VPN Concentrator.
a. Same group
4. They are all connecting to the same device/server/product on the other side of the VPN connection
a. Check your destination server and what is being run. It might be that the one having the problem is doing something different from the others. Good Point. I will check into it.
b. It might also be that the one having problems is using a protocol that is on a lower CoS (Class of Service) and there data is being dropped. Assuming that you are using CoS. I do not know or am not familiar with this concept (CoS). I will have to research this.
Are they having high cpu or hard disk usage on the client pc? Possibly issues with client PC.
We have no bandwidth Policies (config - policy management - traffic management - BW policies) applied on your interface, config - interfaces - "Bandwidth" tab. I will look into this.
Thank you, I will let you know what I find out.
/Sf
Class of Service is just a way of prioritizing your more important traffic at a higher level than the lower traffic
Class A: RDP (Terminal Services)
Class B: Email
Class C: http, web
This way if your connection is saturated, your router will know to drop the web traffic while still allowing the higher services to function at a specific rate.
Class A: RDP (Terminal Services)
Class B: Email
Class C: http, web
This way if your connection is saturated, your router will know to drop the web traffic while still allowing the higher services to function at a specific rate.
What model VPN 3000 do you have? Its really hard diagnosing your problem with knowing your architecture.
harbor235 ;}
ASKER
harbor235,
It is a VPN3005.
The problem, from what I can see and the help I received from cshanea0 to isolate the issue, is more than likely a wireless connectivity problem between the client and their ability to stay connected to a Cisco WAP.
To clarify things Client --> to WAP --> to Router --> to Backbone --> to HQ (VPN) --> Authentication --> Networked with HQ. Make sense?
So we have several users who work this way from various locations and they rarely get disconnected if ever. However, those at this "new site" where there are tons of Radio and TV stations in the area, a new wireless telephone system in the site, have hard time staying connected wirelessly thus dropping the VPN connection.
I am setting up a computer via hard wire this afternoon to prove that it isn't the internal LAN (new wiring, etc.) nor is it the router (based on my limited knowledge by looking at it). Something is causing the drop on their wireless connections. How to determine that I haven't quite figured out yet.
/sf
It is a VPN3005.
The problem, from what I can see and the help I received from cshanea0 to isolate the issue, is more than likely a wireless connectivity problem between the client and their ability to stay connected to a Cisco WAP.
To clarify things Client --> to WAP --> to Router --> to Backbone --> to HQ (VPN) --> Authentication --> Networked with HQ. Make sense?
So we have several users who work this way from various locations and they rarely get disconnected if ever. However, those at this "new site" where there are tons of Radio and TV stations in the area, a new wireless telephone system in the site, have hard time staying connected wirelessly thus dropping the VPN connection.
I am setting up a computer via hard wire this afternoon to prove that it isn't the internal LAN (new wiring, etc.) nor is it the router (based on my limited knowledge by looking at it). Something is causing the drop on their wireless connections. How to determine that I haven't quite figured out yet.
/sf