Slow VPN between sonicwalls

Posted on 2010-11-15
Last Modified: 2012-05-10
I have a remote office which is connecting to the main office via a VPN between 2 sonicwall routers.  The main office uses a sonicwall tz-170 with standard OS and the remote office uses a sonicwall tz-180 with standard OS.  I am able to see the main office side, but my transfer speeds are VERy slow.  I have a T1 a the remote office and 2-T1s at the main office.  I have set VPN bandwidth management on the remote router at a gauranteed 1000kbps and a maximum 1200kbps and also set the main office side at a gauranteed 1000kbps and a maximum 1200kbps, both with a highest priority of 0.  Even with this, it still takes me 27 minutes to transfer a 215MB folder.  No, I am not trying to transfer files that large all the time, I was using that folder as a testing benchmark.  I know it won't be as fast as the main network, but I should at least get that transfer down to 5 minutes or so, right?
Question by:perk83
  • 2
LVL 33

Accepted Solution

digitap earned 250 total points
ID: 34138594
here are some things you can try.

- Check the WAN interface settings for speed and duplex.  You might try different combinations if the current settings are set to Auto.

- Confirm the MTU is set correctly for the WAN interface.  Review this EE Article I wrote that walks you through checking this.

- Within the VPN settings on each sonicwall, have you configured them in Main Mode or Aggressive Mode?  Typically, you use Main Mode if you have static IPs at each end and Aggressive Mode if you don't.  What I've come to learn is Aggressive mode has less packet size overhead.  So, you use less of the packet for IPSec stuff.

- Once you confirm all those settings, disable any BWM that you've enabled.  If you don't get the egress/ingress bandwidth sizes correct, you can really cause some extreme bandwidth issues.  However, on the standard OS, you really don't have the option of setting both ingress and egress.  you set it in one place.

In the end, if any of these settings are off, you'll drop packets.  dropping packets can cause slow transfer times.  is anything else different on your network...added Windows 7 workstations or Windows Server 2008?

Assisted Solution

JimmyITCS earned 250 total points
ID: 34141422
You are looking at a top speed, using a PTP VPN and a T1 (1.5mbps, no frame relay, no mpls, etc), is only 187.5 KB/s.  That translates to roughly (with nothing else traversing the pipe, including inet headers, etc) 19 min. 7 sec. for a 215MB folder.  Your 27 minutes seems right inline with what to expect from a T1.

Frame Relays, MPLS, and other WAN network technologies may be better for you instead of a PTP VPN.  The utilization and compression are much better using an MPLS technology, however cost can be prohibitive.

It doesn't sound like anything in your configuration is wrong.  Sure, you may be able to squeeze a couple more minutes off the time, but 9 minutes is unrealistic.

Author Closing Comment

ID: 34141560

I appreciate your help and input.


Thanks for the steps you outlined.  I will take a look at those and make any changes I can that you suggested.  That will help eek out every second of speed I can get.


After some testing later in the day and some quick calculations, I figured out exactly what you are saying.  It is good to hear from someone who knows more about WAN connections than I do.  I found out that it takes about 10 seconds to open a file while at the corporate site and that same file opened over the WAN takes about 15 minutes.  Since the corporate site is running on at least 100MBPS and the WAN at around 1MBPS, my math says the corporate site should be about 100 times faster than the WAN.

I am splitting the points since you both helped by either pointing out steps or clarifying what expectations i should have.

Again, thanks very much!!!!!
LVL 33

Expert Comment

ID: 34141742
no problem.  glad we could help and thanks for the points!

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
WiFi Routers with Guest Network capability 14 74
Cisco ASA 3 34
snmp-server enable traps gdoi ks-rekey-pushed 3 22
Router Question 12 55
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question