Solved

Slow connection over VPN

Posted on 2007-11-27
5
2,108 Views
Last Modified: 2010-04-21
Hi,
We have 8 nurseries who each have VPN access to HO office. Each site has a software Sonicwall connection through the Sonicwall TZ170 at HO.
This allows them access to a shared drive and email.
The drive is mapped on their PCs as P drive.
They are using XP Pro, I've made sure they're getting at least 6MB download. HO admittedly only has 756KB upload, but up to last month it was only 256!
At HO we run SBS2003 patched.
I'm aware that pulling data from a mapped drive will be slow and I'm hoping in the future for a terminal server, but the strange problem is they have slow connectivity; no no hang on... slowww connectivity.
Some nurseries can connect to the P drive in 10 to 20 seconds usually longer though and some take - wait for it - 15 minutes! longer sometimes!
Any suggestions? This issue is causing grief and I have no idea where to look.
John
0
Comment
Question by:jasonbournecia
  • 3
  • 2
5 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 50 total points
ID: 20357653
I'd suspect that the slowness is coming from the fact that your VPN connections are using the HO's IP address as their gateway.  Which means that if someone at one of the nurseries is surfing the Internet, or downloading music, etc, it's going through your Sonicwall.

You should probably monitor that, but you should also know that you don't need a VPN connection for email access.  Instead you should be using RPC over HTTPS to have a remote Outlook 2003 connect directly to your server.

This feature must be enabled in the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List) by checking the box on the Web Services Configuration Screen for "Outlook via the Internet".

A visual how-to is here:  http://sbsurl.com/ceicw

Port 443 must be open on your router/firewall.

Then RPC over HTTPS Outlook client configuration instructions are on the server's Remote Web Workplace main menu -- linked as "Configure Outlook via the Internet" -- access the RWW Main Menu by going to http://localhost/remote from on your server.  (See http://sbsurl.com/rww for more info on RWW).

A full overview for SBS based RPC/HTTPS configurations is here:  http://sbsurl.com/rpc

Then, I'd suggest that instead of mapping a drive, you start using a SharePoint Document Library for your shared documents.  That can be accessed externally using https://server.yourdomain.com:444 (or through RWW).

The 6MB download doesn't do a bit of good when the HO is at 256-756KB and there are 8 different connections trying to pull data over that.

Putting in a Terminal Server will not help the problem, it may even make it worse.  

Another option to sharing out that folder is to use Microsoft Office Groove.  http://www.microsoft.com/groove

Jeff
TechSoEasy
0
 

Author Comment

by:jasonbournecia
ID: 20357918
Thanks for your help Jeff,
I thought about terminal server and sticking office on it, the nurseries can use that for everything as they're only pulling down screenshots.
I checked with a nursery and they're showing two IPs correctly, one for the sonciwall virtual adapter with the domain IP address of 192.168 blah blah and the other IP for the BT internet connection where the IP and gateway use the same public address.
Also, I havent used Sharepoint yet, but I believe that it still has time issues as they still will be pulling documents over the net?
John
0
 

Author Closing Comment

by:jasonbournecia
ID: 31411172
Only only say partially because I havent had the chance yet to test the solutions on offer, but a very decent answer
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20359704
Installing Office on a Terminal Server requires the ENTERPRISE license for Office for as many users as you have TS CALs... so you're talking about thousands of dollars of licensing for that.

" checked with a nursery and they're showing two IPs correctly, one for the sonciwall virtual adapter with the domain IP address of 192.168 blah blah and the other IP for the BT internet connection where the IP and gateway use the same public address."

That doesn't tell you a thing.  You cannot look at an IPCONFIG and know which connection is being used as the gateway.  You have to look at a "ROUTE PRINT" command and see what it says for the "Default Gateway".  If it's the 192.168.x.x address of your SBS then all of their Internet browsing is going through your SBS.  In the Sonicwall client, I believe the setting is "Set Default Route as this Connection".  If that's enabled everything is going through the VPN.  See:  http://help.mysonicwall.com/sw/eng/general/ui1/6600/VPN/Client_Settings.htm

" believe that it still has time issues as they still will be pulling documents over the net? "

If what I'm suspecting it the problem as described above, then no, it won't be the same because with SharePoint you don't use a VPN connection.  FYI, connecting a NON-Domain computer to your LAN via VPN is a very risky thing to do.  Since these remote computers are directly connected to BT.  This is why the default setting is usually to have the gateway be the VPN... because then you are at least securing the current traffic, but that comes with a heavy toll on performance, as you are seeing.  If you disable the "Set Default Route as this Connection" as I described above, then you are opening up your LAN to the entire Internet with only the firewall that's enabled on the remote machine.  If that machine gets a virus it will pass it right through to your SBS via the VPN tunnel.

This is one reason you don't really want to use a VPN connection for your nurseries.  If they use a lot of common documents, then you really should look at Groove.  It will sync the folder in the background, securely over the Internet without the need for a VPN, so then the documents they open will be local, and will sync any changes they make back to the server.  Only the changes get synched, so it's very little traffic once the folder is replicated.

Groove is part of Office 2007 Enterprise or Ultimate, or can be purchased separately for $79.95.  You don't need any special server for it, you just install it on each remote computer as well as either your SBS or a workstation in the LAN with a user account that has full access to the network share.  You then just click the "Folder Sync" button on the Windows Explorer Toolbar.  There's a 2GB limit per workspace, so if you have more files than that then you would really be better off using SharePoint which will provide you with much more control and is designed for collaboration and distributed work environments.

Jeff
TechSoEasy

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20359714
Another option, by the way, is to use Google Docs and Spreadsheets if these are fairly simple documents.  See http://google.com/a for details about that.

Jeff
TechSoEasy
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DHCP Server Service stops on SBS 2011 3 67
VPN Access to Network 4 35
SBS 2008 RDP Gateway works on from Windows 10 5 39
Updating Group Policy over a PPTP VPN 21 32
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question