

Problems with VPN tunnel across the internet being unstable, what device can I place between my firewall and the ISP router to plug into and diagnose?

Posted on 2009-05-18
Medium Priority
Last Modified: 2013-12-14
I need to monitor our connection over a VPN tunnel between 2 firewalls across the Internet and be able to see if the problem is on the ISP carrier side. Any recommendations for a network device? I have 2 SonicWall firewalls that connect the 2 offices via VPN tunnel, but the remote office has been having slow connections and freezing up after installing a new fibre Internet connection with Embarq. When I call them to tell them the circuit is acting flaky, they tell me everything is fine on their equipment; it must be on ours. The only way to prove it is to bypass my firewall, and if I do that I disconnect our remote office completely. Would placing a layer 3 switch in between our firewall and their router allow me to plug a laptop in and run testing, bypassing our firewalls? Is there anyone out there who might have a suggestion for me to check on our LANs or firewalls to see if the problem really is on our side?

Thanks, frustrated in Florida
Question by:esmf23it
LVL 23

Accepted Solution

debuggerau earned 2000 total points
ID: 24417407
Any switch that contains port mirroring should allow you to sniff the traffic; however, a cheap old hub may do the trick, although limited to 10Meg.

I think you will find it difficult to diagnose the traffic since it is VPN-encrypted traffic. Rather, look at the logs on the firewalls first for hints as to why it is happening, then move into the routers etc.

Internet VPNs are not rock solid, and it might be better to ensure your internet connection is stable on both ends by inserting a monitoring machine in the DMZ and getting latency stats out of the pings from the remote site. It would be even better with SNMP-enabled devices and an RMON service.

And then there are the conditions: time of day, certain peak usage, voice or video calls, which all give some insight into the issue.
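
The latency-by-time-of-day check suggested in the answer above, as an added example that is not part of the original thread. It assumes the monitoring machine logs with Linux iputils `ping -D` (epoch timestamps); the sample lines and the 203.0.113.1 address are constructed.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Reply lines as printed by Linux iputils `ping -D` (epoch timestamp in brackets).
REPLY = re.compile(r"^\[(\d+\.\d+)\] \d+ bytes from .*?icmp_seq=(\d+) .*?time=([\d.]+) ms")

def hourly_stats(lines, tz=timezone.utc):
    """Summarise a timestamped ping log per hour of day: loss and RTT."""
    rtts, lost, prev_seq = defaultdict(list), defaultdict(int), None
    for line in lines:
        m = REPLY.match(line.strip())
        if not m:
            continue  # banner, summary and error lines carry no RTT
        hour = datetime.fromtimestamp(float(m.group(1)), tz).hour
        seq, rtt = int(m.group(2)), float(m.group(3))
        if prev_seq is not None:
            gap = (seq - prev_seq) % 65536  # icmp_seq is 16 bits and wraps
            if gap == 0 or gap >= 32768:
                continue  # duplicate or reordered reply, not counted
            lost[hour] += gap - 1  # charged to the hour the next reply arrived
        prev_seq = seq
        rtts[hour].append(rtt)
    return {
        hour: {
            "received": len(v),
            "lost": lost[hour],
            "loss_pct": round(100 * lost[hour] / (len(v) + lost[hour]), 1),
            "median_ms": statistics.median(v),
            "max_ms": max(v),
        }
        for hour, v in sorted(rtts.items())
    }

# Constructed sample: three clean replies just before 15:00 UTC, then a degraded
# afternoon pattern (high RTT, two missing replies, one duplicate reply).
SAMPLE = """\
PING 203.0.113.1 (203.0.113.1) 56(84) bytes of data.
[1242658797.100000] 64 bytes from 203.0.113.1: icmp_seq=65533 ttl=56 time=11.8 ms
[1242658798.100000] 64 bytes from 203.0.113.1: icmp_seq=65534 ttl=56 time=12.1 ms
[1242658799.100000] 64 bytes from 203.0.113.1: icmp_seq=65535 ttl=56 time=12.4 ms
[1242658800.350000] 64 bytes from 203.0.113.1: icmp_seq=0 ttl=56 time=240.0 ms
[1242658803.410000] 64 bytes from 203.0.113.1: icmp_seq=3 ttl=56 time=310.0 ms
[1242658803.450000] 64 bytes from 203.0.113.1: icmp_seq=3 ttl=56 time=310.5 ms (DUP!)
[1242658804.400000] 64 bytes from 203.0.113.1: icmp_seq=4 ttl=56 time=95.0 ms
""".splitlines()

if __name__ == "__main__":
    for hour, s in hourly_stats(SAMPLE).items():
        print(f"{hour:02d}:00 {s}")
```

Running one log against the ISP router's address and one against the remote firewall through the tunnel, then comparing the same hours, shows whether loss and latency rise on the carrier path itself or only inside the VPN.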


Author Comment

ID: 24431403
debuggerau, thanks for the thoughts and insight. I do want to place a machine in the DMZ that is created by putting a switch in between our firewall and the ISP's router. Embarq (ISP) has assured me that since it is a fibre connection and we don't share the connection, we should have a very stable connection and should not experience peaks in performance. We have noticed that the real slowdowns tend to come in the mid-afternoon range. So would you think I can find a hub that would operate at 100 Mbps?
LVL 23

Expert Comment

ID: 24437763
If you do, please let me know...

Technology moves so quickly; they went to switches before the 100Meg was available, so not that I know of.

Author Comment

ID: 24445569
I tried to use one of our layer 2 switches to create a VLAN across 3 of the ports. Port 1 plugged the cable from the ISP's router, port 2 plugged into the firewall, plug 3 left available to plug in a computer. It would not work with the switch. I will try it with the hub next, as soon as I can find one.
LVL 23

Expert Comment

ID: 24446733
A layer 2 switch is OK, just as long as it has a mirrored port feature...

Question has a verified solution.
