

Outlook 2010 Cached Mode & Gateway-to-Gateway VPN Connection.

Posted on 2013-06-26
Medium Priority
Last Modified: 2013-06-26
I have a dilemma with a client that has multiple office locations connected via dedicated VPN connections (gateway-to-gateway).  When they (approx. 5 people) travel to the remote offices (once or twice a week), they complain of the latency connecting to the main office via Terminal Services.  At the main office there are no latency problems.  The Internet connections at the remote sites are high bandwidth connections 15/5mbps, and the main office has a 50/15mbps connection.  So the Internet connections are adequate to work efficiently regardless of office location.  

The problem arises when these users travel with their tablets and company-issued Android phones at remote office locations.  Each remote location has wireless access to accommodate their phones and tablets.  By doing so it cuts down on the company data plan usage.  So it's a cost savings on the plan, but also affecting network bandwidth.

The tablets are configured with Outlook 2010 Cached Mode, and as soon as Outlook is open it automatically starts syncing all items, and then afterwards as mail with attachments is sent and received the traffic seems to continue saturating the VPN connection.  I am basically saying, the users are noticing performance degradation issues while working in remote offices.  

I have set up ActiveSync to download headers to help reduce the syncing of attachments.  However, Outlook 2010 Cached Mode connected to an Exchange Server 2010 does not seem to have a throttle to download headers to cut down bandwidth consumption.

I was going to propose an additional Internet connection with a wireless router so that the phones and tablets can connect to so that ActiveSync and Outlook Cached Mode traffic have a separate dedicated Internet connection and not interfere with the dedicated VPN connection used for Terminal Services, VOIP connections, and at times remote printing.    

The client's laptops and phones work seamlessly when at home or other locations, and they will not like the idea of having to make changes on their phones and/or tablets when traveling to remote office locations.  I am hoping there is another way to skin this cat!  Any suggestions other than disable wireless access at the remote locations so their tablets and phones can't connect?
Question by:cmp119
LVL 12

Expert Comment

ID: 39277902
You could restrict the port traffic at the remote sites so that ONLY the terminal services traffic is allowed to pass.  It depends on your routing/vpn equipment on how to do that.

Alternatively, if the equipment allows it, you could enable QoS and give the terminal services traffic higher priority than the other traffic.  This could in effect be the bandwidth throttle you are looking for.

Keep in mind that it depends on your equipment, and you have to make sure that you configure in such a way that you're filtering traffic before it enters the VPN tunnel, so that may prove to be challenging.

Author Comment

ID: 39277932
Right now they have Linksys RV series routers at all locations.  I can't remember the exact models, but they are not too robust.  They will be getting Cisco ISA 570 routers, but I do not know much of those models.

Right now all traffic is going through the VPN.  I don't think there is a way to force specific traffic to use the Internet directly and not via the VPN connection.  Regardless, the traffic will still consume bandwidth regardless of direction since it must flow through the single Internet connection.  That's why I was leaning toward another separate Internet connection with wireless access, so that these specific devices can connect to.
LVL 12

Expert Comment

ID: 39278448
I believe that the Cisco ISA 570 will allow you to configure QoS and/or ACL rules to control the traffic the way that you wish.  How long before the ASAs are in place, and are you configuring them or is that being handled by someone else?

If someone else, can you make requests regarding the configuration to shape or filter the traffic to meet your needs?
LVL 12

Accepted Solution

mlongoh earned 2000 total points
ID: 39278507
Minimally, the 570 will allow you to set up a Guest wireless internet VLAN which you could make the iOS/Android tablets/smart devices utilize, and then set QoS lower for that traffic versus the VPN traffic.

I'm assuming that right now nothing at a remote site bypasses the VPN, and so internet bound traffic is going through the VPN to your "main" site and then routed from there.

Until you get the new Cisco equipment, you might look into reconfiguring your site-to-site VPN to allow split tunneling... meaning that if the traffic is destined for one of your corporate internal addresses it goes through the VPN, otherwise it's routed out to the Internet (bypassing the VPN and reducing the saturation of the VPN pipe).  It doesn't give you the full traffic control that you are needing, but it might provide some level of relief while waiting for the new stuff to show up.
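
The split-tunneling decision described in the answer above, as an added example that is not part of the original thread and is not router configuration: it models which flows stay in the VPN and which leave it. The corporate prefixes, the Exchange server sitting on an internal address, and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed corporate internal ranges (hypothetical, not from the thread).
CORPORATE_PREFIXES = [ipaddress.ip_network(p)
                      for p in ("10.0.0.0/16", "10.1.0.0/16")]

# Constructed sample flows from a remote site: (description, destination, bytes).
SAMPLE_FLOWS = [
    ("RDP to terminal server", "10.0.0.20", 40_000_000),
    ("Outlook cached-mode sync to Exchange", "10.0.0.30", 900_000_000),
    ("Phone app update", "203.0.113.50", 600_000_000),
    ("Web browsing", "198.51.100.7", 300_000_000),
]


def next_hop(dst, split_tunnel):
    """Return 'vpn' or 'internet' for one destination address."""
    addr = ipaddress.ip_address(dst)
    if any(addr in net for net in CORPORATE_PREFIXES):
        return "vpn"  # corporate destinations always use the tunnel
    # Without split tunneling, Internet-bound traffic hairpins via the main site.
    return "internet" if split_tunnel else "vpn"


def bytes_per_path(flows, split_tunnel):
    """Sum the bytes carried by the tunnel and by direct Internet egress."""
    totals = {"vpn": 0, "internet": 0}
    for _, dst, size in flows:
        totals[next_hop(dst, split_tunnel)] += size
    return totals


def flows_still_in_tunnel(flows):
    """Flows that split tunneling does not move out of the VPN."""
    return [name for name, dst, _ in flows if next_hop(dst, True) == "vpn"]


if __name__ == "__main__":
    print("full tunnel :", bytes_per_path(SAMPLE_FLOWS, split_tunnel=False))
    print("split tunnel:", bytes_per_path(SAMPLE_FLOWS, split_tunnel=True))
    print("still in VPN:", flows_still_in_tunnel(SAMPLE_FLOWS))
```

Under these assumptions the Outlook-to-Exchange sync stays in the tunnel alongside Terminal Services, which is why split tunneling gives partial relief and QoS or a separate guest VLAN is still needed. Flows that leave the tunnel also skip any filtering or logging done at the main site, so the remote gateway needs its own egress policy.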

Author Closing Comment

ID: 39278617
I figured the only solution was going to be new Cisco routers purchased with wireless access for guest networks.  That seems to be the cleanest approach.  Thank you for all your input!!!!
