Solved

Site to Site VPN vs Remote Client VPN

Posted on 2008-06-11
10
1,950 Views
Last Modified: 2009-01-11
Hello, i have a question regarding site to site vpn and remote access Vpn.

I currently have a site to site vpn connection between a main office in Norway and a branch office in Shanghai. Using Cisco 5505 ASA. Using the wizard and default encryption.

I also have a site to site connection between the main office here in norway and another location here in norway. That connection i use diffrent ecryption. DES MD5 GROUP2

But the connection is very slow, and many ICMP are lost when i use the ping x.x.x.x -t
When i use the VPN client and connect to the Shanghai office none of the ICMP are lost.

Any suggestions ? Maybe change the encryption level?

Ping Pinging 192.168.10.110 with 32 bytes of data:
 
Request timed out.
Reply from 192.168.10.110: bytes=32 time=751ms TTL=128
Reply from 192.168.10.110: bytes=32 time=756ms TTL=128
Reply from 192.168.10.110: bytes=32 time=743ms TTL=128
Request timed out.
Reply from 192.168.10.110: bytes=32 time=740ms TTL=128
Reply from 192.168.10.110: bytes=32 time=745ms TTL=128
Request timed out.
Reply from 192.168.10.110: bytes=32 time=738ms TTL=128
Request timed out.
Reply from 192.168.10.110: bytes=32 time=741ms TTL=128
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.10.110: bytes=32 time=747ms TTL=128
Request timed out.
 
Ping statistics for 192.168.10.110:
    Packets: Sent = 16, Received = 8, Lost = 8 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 738ms, Maximum = 756ms, Average = 745ms

0
Comment
Question by:daxa78
  • 5
  • 4
10 Comments
 
LVL 2

Expert Comment

by:atyar
ID: 21761892
Could you please clarify - you mention 2 vpn tunnels (Norway<->Norway and Norway<->Shanghai).  Are both tunnels giving you ping problems or just one (which one)?  Any chance you could post your config, 'x'ing out the sensitive information (keys, etc)?
0
 
LVL 1

Author Comment

by:daxa78
ID: 21764156
The only problem is the shanghai connection. My config is working good but im wondering what changing the encryption level could do with the speed?

Any input guys
0
 
LVL 2

Expert Comment

by:atyar
ID: 21765201
by definition, the higher the encryption level, the longer processing time it requires, although I'm not sure that would be particularly noticeable.  Is the Shanghai connection of comparable speed to the other Norway internet connection?
0
 
LVL 1

Author Comment

by:daxa78
ID: 21768781
the shanghai office has a 1mb connection and the norway office has a 3mb connection.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 2

Accepted Solution

by:
atyar earned 500 total points
ID: 21770028
Then it's a bit slower, but 1Mb should still be enough.
All the same, I've had issues in the past with needing to adjust the mtu (maximum transmission unit) due to packet loss.

Try this on your norway<-->shanghai connection:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml
0
 
LVL 1

Author Comment

by:daxa78
ID: 21770873
The thing is that it is not 1mb to norway it is 22k
0
 
LVL 2

Expert Comment

by:atyar
ID: 21771062
didn't your last post say norway office has a 3mb connection??
0
 
LVL 1

Author Comment

by:daxa78
ID: 21771219
The 1 mb is local in china but speed test to norway is only 22k. Meaning it a lot of bandwidth is lost on the way.
0
 
LVL 2

Expert Comment

by:atyar
ID: 21771941
in that case I would definitely follow the link I posted previously to adjust the mtu size down for the 22k link
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now