Solved

Slow connection over VPN

Posted on 2007-11-27
Last Modified: 2010-04-21
Hi,
We have 8 nurseries who each have VPN access to HO office. Each site has a software Sonicwall connection through the Sonicwall TZ170 at HO.
This allows them access to a shared drive and email.
The drive is mapped on their PCs as P drive.
They are using XP Pro, I've made sure they're getting at least 6MB download. HO admittedly only has 756KB upload, but up to last month it was only 256!
At HO we run SBS2003 patched.
I'm aware that pulling data from a mapped drive will be slow and I'm hoping in the future for a terminal server, but the strange problem is they have slow connectivity; no no hang on... slowww connectivity.
Some nurseries can connect to the P drive in 10 to 20 seconds usually longer though and some take - wait for it - 15 minutes! longer sometimes!
Any suggestions? This issue is causing grief and I have no idea where to look.
John
Question by:jasonbournecia
5 Comments
 

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 50 total points
I'd suspect that the slowness is coming from the fact that your VPN connections are using the HO's IP address as their gateway.  Which means that if someone at one of the nurseries is surfing the Internet, or downloading music, etc, it's going through your Sonicwall.

You should probably monitor that, but you should also know that you don't need a VPN connection for email access.  Instead you should be using RPC over HTTPS to have a remote Outlook 2003 connect directly to your server.

This feature must be enabled in the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List) by checking the box on the Web Services Configuration Screen for "Outlook via the Internet".

A visual how-to is here:  http://sbsurl.com/ceicw

Port 443 must be open on your router/firewall.

Then RPC over HTTPS Outlook client configuration instructions are on the server's Remote Web Workplace main menu -- linked as "Configure Outlook via the Internet" -- access the RWW Main Menu by going to http://localhost/remote from your server.  (See http://sbsurl.com/rww for more info on RWW).

A full overview for SBS based RPC/HTTPS configurations is here:  http://sbsurl.com/rpc

Then, I'd suggest that instead of mapping a drive, you start using a SharePoint Document Library for your shared documents.  That can be accessed externally using https://server.yourdomain.com:444 (or through RWW).

The 6MB download doesn't do a bit of good when the HO is at 256-756KB and there are 8 different connections trying to pull data over that.

Putting in a Terminal Server will not help the problem, it may even make it worse.  

Another option to sharing out that folder is to use Microsoft Office Groove.  http://www.microsoft.com/groove

Jeff
TechSoEasy
 

Author Comment

by:jasonbournecia
Thanks for your help Jeff,
I thought about terminal server and sticking office on it, the nurseries can use that for everything as they're only pulling down screenshots.
I checked with a nursery and they're showing two IPs correctly, one for the Sonicwall virtual adapter with the domain IP address of 192.168 blah blah and the other IP for the BT internet connection where the IP and gateway use the same public address.
Also, I haven't used SharePoint yet, but I believe that it still has time issues as they still will be pulling documents over the net?
John
 

Author Closing Comment

by:jasonbournecia
Can only say partially because I haven't had the chance yet to test the solutions on offer, but a very decent answer.
 

Expert Comment

by:Jeffrey Kane - TechSoEasy
Installing Office on a Terminal Server requires the ENTERPRISE license for Office for as many users as you have TS CALs... so you're talking about thousands of dollars of licensing for that.

"I checked with a nursery and they're showing two IPs correctly, one for the Sonicwall virtual adapter with the domain IP address of 192.168 blah blah and the other IP for the BT internet connection where the IP and gateway use the same public address."

That doesn't tell you a thing.  You cannot look at an IPCONFIG and know which connection is being used as the gateway.  You have to look at a "ROUTE PRINT" command and see what it says for the "Default Gateway".  If it's the 192.168.x.x address of your SBS then all of their Internet browsing is going through your SBS.  In the Sonicwall client, I believe the setting is "Set Default Route as this Connection".  If that's enabled everything is going through the VPN.  See:  http://help.mysonicwall.com/sw/eng/general/ui1/6600/VPN/Client_Settings.htm

"I believe that it still has time issues as they still will be pulling documents over the net?"

If what I'm suspecting is the problem as described above, then no, it won't be the same because with SharePoint you don't use a VPN connection.  FYI, connecting a NON-Domain computer to your LAN via VPN is a very risky thing to do.  Since these remote computers are directly connected to BT.  This is why the default setting is usually to have the gateway be the VPN... because then you are at least securing the current traffic, but that comes with a heavy toll on performance, as you are seeing.  If you disable the "Set Default Route as this Connection" as I described above, then you are opening up your LAN to the entire Internet with only the firewall that's enabled on the remote machine.  If that machine gets a virus it will pass it right through to your SBS via the VPN tunnel.

This is one reason you don't really want to use a VPN connection for your nurseries.  If they use a lot of common documents, then you really should look at Groove.  It will sync the folder in the background, securely over the Internet without the need for a VPN, so then the documents they open will be local, and will sync any changes they make back to the server.  Only the changes get synched, so it's very little traffic once the folder is replicated.

Groove is part of Office 2007 Enterprise or Ultimate, or can be purchased separately for $79.95.  You don't need any special server for it, you just install it on each remote computer as well as either your SBS or a workstation in the LAN with a user account that has full access to the network share.  You then just click the "Folder Sync" button on the Windows Explorer Toolbar.  There's a 2GB limit per workspace, so if you have more files than that then you would really be better off using SharePoint which will provide you with much more control and is designed for collaboration and distributed work environments.

Jeff
TechSoEasy

0
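
The ROUTE PRINT check described in the comment above, as an added example that is not part of the original thread: it parses the route table from a remote PC and reports whether the winning default route points into the head-office LAN. The sample output, the 192.168.16.0/24 head-office subnet and the function names are constructed assumptions.

```python
import ipaddress

# Constructed samples of `route print` output from a remote PC (not from the thread).
# 192.168.16.0/24 stands in for the head-office LAN; 203.0.113.x for the ISP side.
SAMPLE_FULL_TUNNEL = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.16.1   192.168.16.50       1
          0.0.0.0          0.0.0.0      203.0.113.7     203.0.113.7      20
     192.168.16.0    255.255.255.0    192.168.16.50   192.168.16.50       1
Default Gateway:      192.168.16.1
"""

SAMPLE_SPLIT_TUNNEL = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.7     203.0.113.7      20
     192.168.16.0    255.255.255.0    192.168.16.50   192.168.16.50       1
Default Gateway:       203.0.113.7
"""


def default_routes(route_print_text):
    """Return (metric, gateway, interface) for every 0.0.0.0/0 row, best first."""
    found = []
    for line in route_print_text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[:2] != ["0.0.0.0", "0.0.0.0"] or not cols[4].isdigit():
            continue  # headers, separators and non-default routes
        found.append((int(cols[4]), cols[2], cols[3]))
    return sorted(found)  # lowest metric wins on Windows


def internet_goes_through_vpn(route_print_text, ho_lan):
    """True when the lowest-metric default route points into the head-office LAN."""
    routes = default_routes(route_print_text)
    if not routes:
        return False  # no default route at all: nothing is being tunnelled
    _, gateway, interface = routes[0]
    net = ipaddress.ip_network(ho_lan)
    for addr in (gateway, interface):
        try:
            if ipaddress.ip_address(addr) in net:
                return True
        except ValueError:  # e.g. "On-link" in newer Windows route tables
            continue
    return False
```

Pass the real head-office subnet rather than testing for any private address, because a home router on the remote site may also hand out 192.168.x.x gateways.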
 

Expert Comment

by:Jeffrey Kane - TechSoEasy
Another option, by the way, is to use Google Docs and Spreadsheets if these are fairly simple documents.  See http://google.com/a for details about that.

Jeff
TechSoEasy
