Solved

Slow VPN between sonicwalls

Posted on 2010-11-15
4
1,259 Views
Last Modified: 2012-05-10
I have a remote office which is connecting to the main office via a VPN between 2 sonicwall routers.  The main office uses a sonicwall tz-170 with standard OS and the remote office uses a sonicwall tz-180 with standard OS.  I am able to see the main office side, but my transfer speeds are VERy slow.  I have a T1 a the remote office and 2-T1s at the main office.  I have set VPN bandwidth management on the remote router at a gauranteed 1000kbps and a maximum 1200kbps and also set the main office side at a gauranteed 1000kbps and a maximum 1200kbps, both with a highest priority of 0.  Even with this, it still takes me 27 minutes to transfer a 215MB folder.  No, I am not trying to transfer files that large all the time, I was using that folder as a testing benchmark.  I know it won't be as fast as the main network, but I should at least get that transfer down to 5 minutes or so, right?
0
Comment
Question by:perk83
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 34138594
here are some things you can try.

- Check the WAN interface settings for speed and duplex.  You might try different combinations if the current settings are set to Auto.

- Confirm the MTU is set correctly for the WAN interface.  Review this EE Article I wrote that walks you through checking this.  http://www.experts-exchange.com/viewArticle.jsp?articleID=3110

- Within the VPN settings on each sonicwall, have you configured them in Main Mode or Aggressive Mode?  Typically, you use Main Mode if you have static IPs at each end and Aggressive Mode if you don't.  What I've come to learn is Aggressive mode has less packet size overhead.  So, you use less of the packet for IPSec stuff.

- Once you confirm all those settings, disable any BWM that you've enabled.  If you don't get the egress/ingress bandwidth sizes correct, you can really cause some extreme bandwidth issues.  However, on the standard OS, you really don't have the option of setting both ingress and egress.  you set it in one place.


In the end, if any of these settings are off, you'll drop packets.  dropping packets can cause slow transfer times.  is anything else different on your network...added Windows 7 workstations or Windows Server 2008?
0
 
LVL 4

Assisted Solution

by:JimmyITCS
JimmyITCS earned 250 total points
ID: 34141422
You are looking at a top speed, using a PTP VPN and a T1 (1.5mbps, no frame relay, no mpls, etc), is only 187.5 KB/s.  That translates to roughly (with nothing else traversing the pipe, including inet headers, etc) 19 min. 7 sec. for a 215MB folder.  Your 27 minutes seems right inline with what to expect from a T1.

Frame Relays, MPLS, and other WAN network technologies may be better for you instead of a PTP VPN.  The utilization and compression are much better using an MPLS technology, however cost can be prohibitive.

It doesn't sound like anything in your configuration is wrong.  Sure, you may be able to squeeze a couple more minutes off the time, but 9 minutes is unrealistic.
0
 
LVL 1

Author Closing Comment

by:perk83
ID: 34141560
Guys,

I appreciate your help and input.


Digi,

Thanks for the steps you outlined.  I will take a look at those and make any changes I can that you suggested.  That will help eek out every second of speed I can get.


Jimmy,

After some testing later in the day and some quick calculations, I figured out exactly what you are saying.  It is good to hear from someone who knows more about WAN connections than I do.  I found out that it takes about 10 seconds to open a file while at the corporate site and that same file opened over the WAN takes about 15 minutes.  Since the corporate site is running on at least 100MBPS and the WAN at around 1MBPS, my math says the corporate site should be about 100 times faster than the WAN.

I am splitting the points since you both helped by either pointing out steps or clarifying what expectations i should have.

Again, thanks very much!!!!!
0
 
LVL 33

Expert Comment

by:digitap
ID: 34141742
no problem.  glad we could help and thanks for the points!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question