Go Premium for a chance to win a PS4. Enter to Win


Slow connection over VPN

Posted on 2007-11-27
Medium Priority
Last Modified: 2010-04-21
We have 8 nurseries who each have VPN access to HO office. Each site has a software Sonicwall connection through the Sonicwall TZ170 at HO.
This allows them access to a shared drive and email.
The drive is mapped on their PCs as P drive.
They are using XP Pro, I've made sure they're getting at least 6MB download. HO admittedly only has 756KB upload, but up to last month it was only 256!
At HO we run SBS2003 patched.
I'm aware that pulling data from a mapped drive will be slow and I'm hoping in the future for a terminal server, but the strange problem is they have slow connectivity; no no hang on... slowww connectivity.
Some nurseries can connect to the P drive in 10 to 20 seconds usually longer though and some take - wait for it - 15 minutes! longer sometimes!
Any suggestions? This issue is causing grief and I have no idea where to look.
Question by:jasonbournecia
  • 3
  • 2
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 200 total points
ID: 20357653
I'd suspect that the slowness is coming from the fact that your VPN connections are using the HO's IP address as their gateway.  Which means that if someone at one of the nurseries is surfing the Internet, or downloading music, etc, it's going through your Sonicwall.

You should probably monitor that, but you should also know that you don't need a VPN connection for email access.  Instead you should be using RPC over HTTPS to have a remote Outlook 2003 connect directly to your server.

This feature must be enabled in the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List) by checking the box on the Web Services Configuration Screen for "Outlook via the Internet".

A visual how-to is here:  http://sbsurl.com/ceicw

Port 443 must be open on your router/firewall.

Then RPC over HTTPS Outlook client configuration instructions are on the server's Remote Web Workplace main menu -- linked as "Configure Outlook via the Internet" -- access the RWW Main Menu by going to http://localhost/remote from on your server.  (See http://sbsurl.com/rww for more info on RWW).

A full overview for SBS based RPC/HTTPS configurations is here:  http://sbsurl.com/rpc

Then, I'd suggest that instead of mapping a drive, you start using a SharePoint Document Library for your shared documents.  That can be accessed externally using https://server.yourdomain.com:444 (or through RWW).

The 6MB download doesn't do a bit of good when the HO is at 256-756KB and there are 8 different connections trying to pull data over that.

Putting in a Terminal Server will not help the problem, it may even make it worse.  

Another option to sharing out that folder is to use Microsoft Office Groove.  http://www.microsoft.com/groove


Author Comment

ID: 20357918
Thanks for your help Jeff,
I thought about terminal server and sticking office on it, the nurseries can use that for everything as they're only pulling down screenshots.
I checked with a nursery and they're showing two IPs correctly, one for the sonciwall virtual adapter with the domain IP address of 192.168 blah blah and the other IP for the BT internet connection where the IP and gateway use the same public address.
Also, I havent used Sharepoint yet, but I believe that it still has time issues as they still will be pulling documents over the net?

Author Closing Comment

ID: 31411172
Only only say partially because I havent had the chance yet to test the solutions on offer, but a very decent answer
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20359704
Installing Office on a Terminal Server requires the ENTERPRISE license for Office for as many users as you have TS CALs... so you're talking about thousands of dollars of licensing for that.

" checked with a nursery and they're showing two IPs correctly, one for the sonciwall virtual adapter with the domain IP address of 192.168 blah blah and the other IP for the BT internet connection where the IP and gateway use the same public address."

That doesn't tell you a thing.  You cannot look at an IPCONFIG and know which connection is being used as the gateway.  You have to look at a "ROUTE PRINT" command and see what it says for the "Default Gateway".  If it's the 192.168.x.x address of your SBS then all of their Internet browsing is going through your SBS.  In the Sonicwall client, I believe the setting is "Set Default Route as this Connection".  If that's enabled everything is going through the VPN.  See:  http://help.mysonicwall.com/sw/eng/general/ui1/6600/VPN/Client_Settings.htm

" believe that it still has time issues as they still will be pulling documents over the net? "

If what I'm suspecting it the problem as described above, then no, it won't be the same because with SharePoint you don't use a VPN connection.  FYI, connecting a NON-Domain computer to your LAN via VPN is a very risky thing to do.  Since these remote computers are directly connected to BT.  This is why the default setting is usually to have the gateway be the VPN... because then you are at least securing the current traffic, but that comes with a heavy toll on performance, as you are seeing.  If you disable the "Set Default Route as this Connection" as I described above, then you are opening up your LAN to the entire Internet with only the firewall that's enabled on the remote machine.  If that machine gets a virus it will pass it right through to your SBS via the VPN tunnel.

This is one reason you don't really want to use a VPN connection for your nurseries.  If they use a lot of common documents, then you really should look at Groove.  It will sync the folder in the background, securely over the Internet without the need for a VPN, so then the documents they open will be local, and will sync any changes they make back to the server.  Only the changes get synched, so it's very little traffic once the folder is replicated.

Groove is part of Office 2007 Enterprise or Ultimate, or can be purchased separately for $79.95.  You don't need any special server for it, you just install it on each remote computer as well as either your SBS or a workstation in the LAN with a user account that has full access to the network share.  You then just click the "Folder Sync" button on the Windows Explorer Toolbar.  There's a 2GB limit per workspace, so if you have more files than that then you would really be better off using SharePoint which will provide you with much more control and is designed for collaboration and distributed work environments.


LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20359714
Another option, by the way, is to use Google Docs and Spreadsheets if these are fairly simple documents.  See http://google.com/a for details about that.


Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question