Solved

Outlook 2010 Cached Mode & Gateway-to-Gateway VPN Connection.

Posted on 2013-06-26
Last Modified: 2013-06-26
I have a dilemma with a client that has multiple office locations connected via dedicated VPN connections (gateway-to-gateway).  When they (approx. 5 people) travel to the remote offices (once or twice a week), they complain of the latency connecting to the main office via Terminal Services.  At the main office there are no latency problems.  The Internet connections at the remote sites are high bandwidth connections 15/5mbps, and the main office has a 50/15mbps connection.  So the Internet connections are adequate to work efficiently regardless of office location.  

The problem arises when these users travel with their tablets and company-issued Android phones at remote office locations.  Each remote location has wireless access to accommodate their phones and tablets.  By doing so it cuts down on the company data plan usage.  So it's a cost savings on the plan, but also affecting network bandwidth.

The tablets are configured with Outlook 2010 Cached Mode, and as soon as Outlook is open it automatically starts syncing all items, and then afterwards as mail with attachments is sent and received the traffic seems to continue saturating the VPN connection.  I am basically saying, the users are noticing performance degradation issues while working in remote offices.  

I have set up ActiveSync to download headers to help reduce the syncing of attachments.  However, Outlook 2010 Cached Mode connected to an Exchange Server 2010 does not seem to have a throttle to download headers to cut down bandwidth consumption.

I was going to propose an additional Internet connection with a wireless router for the phones and tablets to connect to, so that ActiveSync and Outlook Cached Mode traffic has a separate dedicated Internet connection and does not interfere with the dedicated VPN connection used for Terminal Services, VoIP connections, and at times remote printing.

The client's laptops and phones work seamlessly when at home or other locations, and they will not like the idea of having to make changes on their phones and/or tablets when traveling to remote office locations.  I am hoping there is another way to skin this cat!  Any suggestions other than disable wireless access at the remote locations so their tablets and phones can't connect?
Question by:cmp119

Expert Comment

by:mlongoh
ID: 39277902
You could restrict the port traffic at the remote sites so that ONLY the terminal services traffic is allowed to pass.  How to do that depends on your routing/VPN equipment.

Alternatively, if the equipment allows it, you could enable QoS and give the terminal services traffic higher priority than the other traffic.  This could in effect be the bandwidth throttle you are looking for.

Keep in mind that it depends on your equipment, and you have to make sure that you configure in such a way that you're filtering traffic before it enters the VPN tunnel, so that may prove to be challenging.

Author Comment

by:cmp119
ID: 39277932
Right now they have Linksys RV series routers at all locations.  I can't remember the exact models, but they are not too robust.  They will be getting Cisco ISA 570 routers, but I do not know much about those models.

Right now all traffic is going through the VPN.  I don't think there is a way to force specific traffic to use the Internet directly and not via the VPN connection.  Regardless, the traffic will still consume bandwidth regardless of direction since it must flow through the single Internet connection.  That's why I was leaning toward another separate Internet connection with wireless access, so that these specific devices can connect to it.

Expert Comment

by:mlongoh
ID: 39278448
I believe that the Cisco ISA 570 will allow you to configure QoS and/or ACL rules to control the traffic the way that you wish.  How long before the ASAs will be in place, and are you configuring them or is that being handled by someone else?

If someone else, can you make requests regarding the configuration to shape or filter the traffic to meet your needs?

Accepted Solution

by:mlongoh (earned 500 total points)
ID: 39278507
Minimally, the 570 will allow you to set up a Guest wireless internet VLAN which you could make the iOS/Android tablets/smart devices utilize, and then set QoS lower for that traffic versus the VPN traffic.

I'm assuming that right now nothing at a remote site bypasses the VPN, and so internet-bound traffic is going through the VPN to your "main" site and then routed from there.

Until you get the new Cisco equipment, you might look into reconfiguring your site-to-site VPN to allow split tunneling... meaning that if the traffic is destined for one of your corporate internal addresses it goes through the VPN, otherwise it's routed out to the Internet (bypassing the VPN and reducing the saturation of the VPN pipe).  It doesn't give you the full traffic control that you are needing, but it might provide some level of relief while waiting for the new stuff to show up.
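
The split-tunnel routing decision and the QoS priority described in this answer, as an added example that is not part of the original thread and is not router configuration. The subnets, addresses and flow sizes are constructed, and it assumes Outlook reaches Exchange at an internal main-office address while phones use a public ActiveSync endpoint.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing (not from the thread): corporate subnets behind the tunnel.
CORPORATE_PREFIXES = ["10.0.0.0/16", "10.1.0.0/16"]

# Constructed flows seen at a remote office: (label, destination, dst port, megabytes).
FLOWS = [
    ("terminal-services", "10.0.0.20", 3389, 40),
    ("outlook-cached-sync", "10.0.0.10", 443, 600),
    ("phone-activesync", "203.0.113.10", 443, 150),
    ("tablet-web", "198.51.100.7", 443, 300),
]

def build_routes(split_tunnel):
    """Route table as (network, path). Full tunnel sends the default route into the VPN."""
    routes = [(ipaddress.ip_network(p), "vpn") for p in CORPORATE_PREFIXES]
    default_path = "direct" if split_tunnel else "vpn"
    routes.append((ipaddress.ip_network("0.0.0.0/0"), default_path))
    return routes

def select_path(dst, routes):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    candidates = [(net, path) for net, path in routes if addr in net]
    return max(candidates, key=lambda r: r[0].prefixlen)[1]

def queue_for(port):
    """QoS class: Terminal Services (RDP, TCP 3389) ahead of everything else."""
    return "high" if port == 3389 else "low"

def load_by_path(split_tunnel):
    """Megabytes per path and the per-flow (path, queue) decisions."""
    routes = build_routes(split_tunnel)
    totals, decisions = defaultdict(int), {}
    for label, dst, port, mb in FLOWS:
        path = select_path(dst, routes)
        totals[path] += mb
        decisions[label] = (path, queue_for(port))
    return dict(totals), decisions

if __name__ == "__main__":
    for mode in (False, True):
        totals, decisions = load_by_path(mode)
        print("split tunnel" if mode else "full tunnel", totals)
        for label, (path, queue) in decisions.items():
            print(f"  {label:20} -> {path:6} queue={queue}")
```

Under these assumptions the Internet-bound flows leave the tunnel, while the Outlook sync to the internal Exchange address still shares it with Terminal Services and is separated only by the queue class.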

Author Closing Comment

by:cmp119
ID: 39278617
I figured the only solution was going to be new Cisco routers purchased with wireless access for guest networks.  That seems to be the cleanest approach.  Thank you for all your input!!!!