Network slows down when VPN is in use

Posted on 2009-02-23
Last Modified: 2012-05-06
IPSec VPN between two offices. Both Netopia R910 routers. Office A is on a T1, Office B is on 3.0/1.5 DSL. Exchange servers on both ends (same domain).

I've been experiencing random traffic spikes on Office A's network over the last few weeks. After many packet captures, it appears that when any traffic (Exchange replication, smtp, basic file transfers, etc.) traverses the VPN, Office A's network compeltely bogs down. Local ping times from my workstation to the gateway range between 500ms and 1000ms.

I am able to replicate the problem by starting a ping to my gateway, and starting a small file transfer to the server in Office B. Before the transfer begings I get a 1ms ping, but after the file transfer starts, the ping time jumps up to 300ms or higher and brings any external traffic to a crawl.

I have already switched out the R910 in Office A, and that does not affect the issue. Could it have something to do with the encapsulation, or the IPsec not translating correctly?

Question by:Laenedo
    LVL 28

    Expert Comment

    by:Bill Bach
    The Netopia Router spec sheet (at does not indicate the type of CPU provided.  Is it possible that the unit has such a slow CPU that it cannot easily handle a VPN connection AND its other tasks?  Would seem unusual, but you might be able to check this with the management software included.

    It would also be worthwhile to try flashing a new firmware onto the device, to see if code updates have alleviated this problem in the past.

    Accepted Solution

    Site A was using a model R910 and Site B was using a model R9120. Both had identical firmware. I found a spare R9120 and installed it at Site A. Once the VPN exchanged IKEs, it ran beautifully. I guess there is some kind of incompatibility between the R910 and R9120 because I tried multiple R910s with no luck.

    Thanks for the help BillBach.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    This article is a how to to configure a UCS Ethernet-uplink portchannel via the console. It is easy to do and can be done quite quickly. In certain versions of the UCS manager the portchannel has issues coming up and this is a workaround. I am…
    SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
    Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now