Slow VPN between sonicwalls

Posted on 2010-11-15
Medium Priority
Last Modified: 2012-05-10
I have a remote office which is connecting to the main office via a VPN between 2 sonicwall routers.  The main office uses a sonicwall tz-170 with standard OS and the remote office uses a sonicwall tz-180 with standard OS.  I am able to see the main office side, but my transfer speeds are VERy slow.  I have a T1 a the remote office and 2-T1s at the main office.  I have set VPN bandwidth management on the remote router at a gauranteed 1000kbps and a maximum 1200kbps and also set the main office side at a gauranteed 1000kbps and a maximum 1200kbps, both with a highest priority of 0.  Even with this, it still takes me 27 minutes to transfer a 215MB folder.  No, I am not trying to transfer files that large all the time, I was using that folder as a testing benchmark.  I know it won't be as fast as the main network, but I should at least get that transfer down to 5 minutes or so, right?
Question by:perk83
  • 2
LVL 33

Accepted Solution

digitap earned 1000 total points
ID: 34138594
here are some things you can try.

- Check the WAN interface settings for speed and duplex.  You might try different combinations if the current settings are set to Auto.

- Confirm the MTU is set correctly for the WAN interface.  Review this EE Article I wrote that walks you through checking this.  http://www.experts-exchange.com/viewArticle.jsp?articleID=3110

- Within the VPN settings on each sonicwall, have you configured them in Main Mode or Aggressive Mode?  Typically, you use Main Mode if you have static IPs at each end and Aggressive Mode if you don't.  What I've come to learn is Aggressive mode has less packet size overhead.  So, you use less of the packet for IPSec stuff.

- Once you confirm all those settings, disable any BWM that you've enabled.  If you don't get the egress/ingress bandwidth sizes correct, you can really cause some extreme bandwidth issues.  However, on the standard OS, you really don't have the option of setting both ingress and egress.  you set it in one place.

In the end, if any of these settings are off, you'll drop packets.  dropping packets can cause slow transfer times.  is anything else different on your network...added Windows 7 workstations or Windows Server 2008?

Assisted Solution

by:Jimmy Andrews
Jimmy Andrews earned 1000 total points
ID: 34141422
You are looking at a top speed, using a PTP VPN and a T1 (1.5mbps, no frame relay, no mpls, etc), is only 187.5 KB/s.  That translates to roughly (with nothing else traversing the pipe, including inet headers, etc) 19 min. 7 sec. for a 215MB folder.  Your 27 minutes seems right inline with what to expect from a T1.

Frame Relays, MPLS, and other WAN network technologies may be better for you instead of a PTP VPN.  The utilization and compression are much better using an MPLS technology, however cost can be prohibitive.

It doesn't sound like anything in your configuration is wrong.  Sure, you may be able to squeeze a couple more minutes off the time, but 9 minutes is unrealistic.

Author Closing Comment

ID: 34141560

I appreciate your help and input.


Thanks for the steps you outlined.  I will take a look at those and make any changes I can that you suggested.  That will help eek out every second of speed I can get.


After some testing later in the day and some quick calculations, I figured out exactly what you are saying.  It is good to hear from someone who knows more about WAN connections than I do.  I found out that it takes about 10 seconds to open a file while at the corporate site and that same file opened over the WAN takes about 15 minutes.  Since the corporate site is running on at least 100MBPS and the WAN at around 1MBPS, my math says the corporate site should be about 100 times faster than the WAN.

I am splitting the points since you both helped by either pointing out steps or clarifying what expectations i should have.

Again, thanks very much!!!!!
LVL 33

Expert Comment

ID: 34141742
no problem.  glad we could help and thanks for the points!

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question