Solved

Issue with dropped packets between remote sites

Posted on 2011-02-24
Last Modified: 2012-05-11
My current setup is a 2-site organization with 2 separate subnets.  At the corporate office we have 2 ISPs; one is hooked up through a Sonicwall NSA3500, which routes internet traffic and other rules like VPN, OWA, Exchange to an ISA server.  Our clients then have the proxy set to look at ISA to get out to the internet.

The 2nd ISP is hooked directly into an Edgemarc, which has a VPN tunnel established to our remote site.  The gateway for my client PCs is set to the IP address of the on-site Edgemarc at each location.

The issue is when I begin to copy a file, I get timeouts on each PC when doing pings during the file transfer.  There is a noticeable pause in my remote connection, similar to if you unplug the network cable to a PC you're remoted into and plug it back in real quick.  After this little hiccup, it continues to transfer the file and completes.

Should my gateway be the Edgemarc?  I'm being asked why the gateway isn't the switch, and as long as I can remember you always used your router to route traffic to IP addresses on a different subnet.  We have tried replacing modems at each end, network cables, and swapping Edgemarc hardware.  It just appears to be an issue with routing, but I can't determine my next troubleshooting step.

Your advice is appreciated! Thanks!
0
Comment
Question by:jmchristy
10 Comments
 
LVL 21

Expert Comment

by:Rick_O_Shay
ID: 34969459
Your gateway should usually be whatever router is nearest to the clients and is in as direct a path as possible to their destinations. You don't want to hop back and forth between routers because the gateway isn't the most direct route to where you are going.

You are most likely going to lose some packets when you go across a WAN of any kind. Therefore you need to use applications and protocols that do upper layer checking to make your transfers work around those glitches.

You can look at the error counters for the various circuits to see if they are taking any detectable errors that might be fixed, or at least diagnosed with the vendor once you can see where they are, but if they are happening outside of your control, like somewhere in the WAN or Internet, you won't be able to see them.

If you do a Wireshark capture from a client PC and maybe then move it to mirror the router's port you might get a better idea of what is breaking down.
0
 

Author Comment

by:jmchristy
ID: 34969509
I'll give Wireshark a try, and see if I can see anything.

How about my gateway? No issues with my gateway setup?  It shouldn't be my switch stack or ISA?
0
 
LVL 21

Accepted Solution

by:
Rick_O_Shay earned 2000 total points
ID: 34969817
If I'm reading you right, you have two routers, one of which is the default gateway for the local clients.

Anything that needs to go out the other router is going to have to be routed from your gateway to that router and then out, unless redirects are in use, in which case the gateway would alert the client to the better route that is available via the other router. Some stuff ignores the redirects and just continues to use the default gateway and the extra hop anyway.

If you have a layer3 switch with routing enabled between the clients and both routers, then you could make it the default gateway and it would route directly to router A or B to get to the remote destinations.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34970266
I agree with Rick regarding the routing.  It would be best to have a layer3 switch routing traffic to one or the other or to let one of your firewalls do the routing.
0
 

Author Comment

by:jmchristy
ID: 34970993
Thanks for the advice!
0
 
LVL 33

Expert Comment

by:digitap
ID: 34971297
You're welcome.
0
 

Author Comment

by:jmchristy
ID: 34979315
I'd like to follow up on this with another question.

Since we switched from our Cisco p2p T1s to the Edgemarc as our gateway, all users who have that as their default gateway now can get right out to the internet.  We set the users' proxy in IE to force them to use the proxy, so we can apply our security policies with the GFI WebMonitor package.

The question I have is, is it normal practice to have end users' PCs access the internet directly?  We have policies in place to restrict .EXEs that aren't approved, and force users to use a proxy.  Just wasn't sure if there are any other risks that I'm not aware of.

The users default gateway being point2point T1's before, if they didn't have a proxy specified they couldn't get out to the internet because the T's had no internet access.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34980612
I think it's just a matter of preference.  I deploy Sonicwall appliances with the ViewPoint server.  I depend on the Sonicwall security services and ViewPoint to keep my users safe.  I have clients that needed some extra work, so I added a proxy to generate "white list" type access to the internet.  In that case, we didn't trust the users to make the good judgment call.

It sounds as if your Cisco may have been routing traffic according to your current Internet policy.  Maybe it had an access rule that would only let the proxy server out the WAN interface to the internet.  Perhaps this is something to consider with your Edgemarc.  This would help you curtail someone having internet access outside your policies.
0
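
The access rule suggested in the comment above (only the proxy server may leave through the WAN interface, while site-to-site VPN traffic stays allowed) can be modelled and used to audit gateway logs for clients that bypass the proxy. This is an added example, not part of the original thread or any vendor's configuration; the addresses, rule names and the four-field log format are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed addressing (assumptions, not taken from the thread)
LAN = ipaddress.ip_network("192.168.10.0/24")      # corporate client subnet
REMOTE = ipaddress.ip_network("192.168.20.0/24")   # remote site over the VPN
PROXY = ipaddress.ip_address("192.168.10.5")       # proxy server (ISA)
WEB_PORTS = {80, 443}

# First-match allow rules: (name, source test, destination test, port test)
RULES = [
    ("site-to-site", lambda s: s in LAN, lambda d: d in REMOTE, lambda p: True),
    ("proxy-web", lambda s: s == PROXY, lambda d: d not in REMOTE, lambda p: p in WEB_PORTS),
]

def decide(src, dst, port):
    """Return (rule name, action) for a flow; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, src_ok, dst_ok, port_ok in RULES:
        if src_ok(s) and dst_ok(d) and port_ok(port):
            return name, "allow"
    return "default-deny", "deny"

def find_bypass(log_lines):
    """Count flows per client that the gateway forwarded but the policy denies."""
    offenders = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src, dst, port, outcome = parts
        if outcome == "forwarded" and decide(src, dst, int(port))[1] == "deny":
            offenders[src] += 1
    return dict(offenders)

# Constructed gateway flow records: src dst dst_port outcome
SAMPLE_LOG = """\
192.168.10.5 203.0.113.10 443 forwarded
192.168.10.42 192.168.20.7 445 forwarded
192.168.10.42 203.0.113.10 80 forwarded
192.168.10.42 198.51.100.9 443 forwarded
192.168.10.77 198.51.100.9 6667 forwarded
garbled line
""".splitlines()

if __name__ == "__main__":
    for client, count in sorted(find_bypass(SAMPLE_LOG).items()):
        print(f"{client} reached the internet without the proxy: {count} flow(s)")
```

Clients reported here are reaching the internet through the default gateway instead of the proxy, which is the situation that appeared once the gateway gained internet access.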
 

Author Comment

by:jmchristy
ID: 34982379
The Cisco was routing all traffic over a T1 and terminating at another T1, which was another Cisco router that had no internet access.  So traffic would go over the T1's and not know how to resolve, that was kind of our way of forcing internet users to always have that check box checked in IE.

Appreciate the feedback.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34982442
I see. That makes sense.  Sure, if anything else comes up, post back.
0

Question has a verified solution.