• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1438
  • Last Modified:

Slow VPN between sonicwalls

I have a remote office which is connecting to the main office via a VPN between 2 sonicwall routers.  The main office uses a sonicwall tz-170 with standard OS and the remote office uses a sonicwall tz-180 with standard OS.  I am able to see the main office side, but my transfer speeds are VERy slow.  I have a T1 a the remote office and 2-T1s at the main office.  I have set VPN bandwidth management on the remote router at a gauranteed 1000kbps and a maximum 1200kbps and also set the main office side at a gauranteed 1000kbps and a maximum 1200kbps, both with a highest priority of 0.  Even with this, it still takes me 27 minutes to transfer a 215MB folder.  No, I am not trying to transfer files that large all the time, I was using that folder as a testing benchmark.  I know it won't be as fast as the main network, but I should at least get that transfer down to 5 minutes or so, right?
  • 2
2 Solutions
here are some things you can try.

- Check the WAN interface settings for speed and duplex.  You might try different combinations if the current settings are set to Auto.

- Confirm the MTU is set correctly for the WAN interface.  Review this EE Article I wrote that walks you through checking this.  http://www.experts-exchange.com/viewArticle.jsp?articleID=3110

- Within the VPN settings on each sonicwall, have you configured them in Main Mode or Aggressive Mode?  Typically, you use Main Mode if you have static IPs at each end and Aggressive Mode if you don't.  What I've come to learn is Aggressive mode has less packet size overhead.  So, you use less of the packet for IPSec stuff.

- Once you confirm all those settings, disable any BWM that you've enabled.  If you don't get the egress/ingress bandwidth sizes correct, you can really cause some extreme bandwidth issues.  However, on the standard OS, you really don't have the option of setting both ingress and egress.  you set it in one place.

In the end, if any of these settings are off, you'll drop packets.  dropping packets can cause slow transfer times.  is anything else different on your network...added Windows 7 workstations or Windows Server 2008?
Jimmy AndrewsFounder, What2do.LiveCommented:
You are looking at a top speed, using a PTP VPN and a T1 (1.5mbps, no frame relay, no mpls, etc), is only 187.5 KB/s.  That translates to roughly (with nothing else traversing the pipe, including inet headers, etc) 19 min. 7 sec. for a 215MB folder.  Your 27 minutes seems right inline with what to expect from a T1.

Frame Relays, MPLS, and other WAN network technologies may be better for you instead of a PTP VPN.  The utilization and compression are much better using an MPLS technology, however cost can be prohibitive.

It doesn't sound like anything in your configuration is wrong.  Sure, you may be able to squeeze a couple more minutes off the time, but 9 minutes is unrealistic.
perk83Author Commented:

I appreciate your help and input.


Thanks for the steps you outlined.  I will take a look at those and make any changes I can that you suggested.  That will help eek out every second of speed I can get.


After some testing later in the day and some quick calculations, I figured out exactly what you are saying.  It is good to hear from someone who knows more about WAN connections than I do.  I found out that it takes about 10 seconds to open a file while at the corporate site and that same file opened over the WAN takes about 15 minutes.  Since the corporate site is running on at least 100MBPS and the WAN at around 1MBPS, my math says the corporate site should be about 100 times faster than the WAN.

I am splitting the points since you both helped by either pointing out steps or clarifying what expectations i should have.

Again, thanks very much!!!!!
no problem.  glad we could help and thanks for the points!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now