Solved

Slow VPN between sonicwalls

Posted on 2010-11-15
4
1,235 Views
Last Modified: 2012-05-10
I have a remote office which is connecting to the main office via a VPN between 2 sonicwall routers.  The main office uses a sonicwall tz-170 with standard OS and the remote office uses a sonicwall tz-180 with standard OS.  I am able to see the main office side, but my transfer speeds are VERy slow.  I have a T1 a the remote office and 2-T1s at the main office.  I have set VPN bandwidth management on the remote router at a gauranteed 1000kbps and a maximum 1200kbps and also set the main office side at a gauranteed 1000kbps and a maximum 1200kbps, both with a highest priority of 0.  Even with this, it still takes me 27 minutes to transfer a 215MB folder.  No, I am not trying to transfer files that large all the time, I was using that folder as a testing benchmark.  I know it won't be as fast as the main network, but I should at least get that transfer down to 5 minutes or so, right?
0
Comment
Question by:perk83
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 34138594
here are some things you can try.

- Check the WAN interface settings for speed and duplex.  You might try different combinations if the current settings are set to Auto.

- Confirm the MTU is set correctly for the WAN interface.  Review this EE Article I wrote that walks you through checking this.  http://www.experts-exchange.com/viewArticle.jsp?articleID=3110

- Within the VPN settings on each sonicwall, have you configured them in Main Mode or Aggressive Mode?  Typically, you use Main Mode if you have static IPs at each end and Aggressive Mode if you don't.  What I've come to learn is Aggressive mode has less packet size overhead.  So, you use less of the packet for IPSec stuff.

- Once you confirm all those settings, disable any BWM that you've enabled.  If you don't get the egress/ingress bandwidth sizes correct, you can really cause some extreme bandwidth issues.  However, on the standard OS, you really don't have the option of setting both ingress and egress.  you set it in one place.


In the end, if any of these settings are off, you'll drop packets.  dropping packets can cause slow transfer times.  is anything else different on your network...added Windows 7 workstations or Windows Server 2008?
0
 
LVL 4

Assisted Solution

by:JimmyITCS
JimmyITCS earned 250 total points
ID: 34141422
You are looking at a top speed, using a PTP VPN and a T1 (1.5mbps, no frame relay, no mpls, etc), is only 187.5 KB/s.  That translates to roughly (with nothing else traversing the pipe, including inet headers, etc) 19 min. 7 sec. for a 215MB folder.  Your 27 minutes seems right inline with what to expect from a T1.

Frame Relays, MPLS, and other WAN network technologies may be better for you instead of a PTP VPN.  The utilization and compression are much better using an MPLS technology, however cost can be prohibitive.

It doesn't sound like anything in your configuration is wrong.  Sure, you may be able to squeeze a couple more minutes off the time, but 9 minutes is unrealistic.
0
 
LVL 1

Author Closing Comment

by:perk83
ID: 34141560
Guys,

I appreciate your help and input.


Digi,

Thanks for the steps you outlined.  I will take a look at those and make any changes I can that you suggested.  That will help eek out every second of speed I can get.


Jimmy,

After some testing later in the day and some quick calculations, I figured out exactly what you are saying.  It is good to hear from someone who knows more about WAN connections than I do.  I found out that it takes about 10 seconds to open a file while at the corporate site and that same file opened over the WAN takes about 15 minutes.  Since the corporate site is running on at least 100MBPS and the WAN at around 1MBPS, my math says the corporate site should be about 100 times faster than the WAN.

I am splitting the points since you both helped by either pointing out steps or clarifying what expectations i should have.

Again, thanks very much!!!!!
0
 
LVL 33

Expert Comment

by:digitap
ID: 34141742
no problem.  glad we could help and thanks for the points!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now