Slow SSL VPN - Windows 2003
We have a customer that was forced to move away from a previous internet solution due to the demise of SDSL.
The SDSL was replaced with a 10MB EFM service. In addition to this, we replaced the old Cisco ASA 5510 which provided VPN connectivity through the Cisco VPN client, with a Sophos UTM 220.
The Sophos UTM provides a number of attractive security enhancements, however the SSL VPN is atrociously slow and sometimes indicates that there has been a disconnection from the server (when opening a file). Also, be aware that some of these file are tiny in size (50-300KB)
As a result of this we have a very frustrated customer. Sophos technical support say, 'it should just work'. We have worked with a 3rd party company contracted by Sophos who have indicated that this is a Windows issue.
In addition to the Sophos UTM, we have tried a Sonicwall NSA 250. This is also slow, but does not disconnect when opening files or browsing the directory srtucture through mapped drives.
A Meraki MX 80 was tried using VPN. This was slightly better, but nothing to write home about.
Windows PPTP was tried. This was slightly better again, but not our chosen method of VPN connectivity.
Can anyone put and end to our misery?
Please see attached, which illustrates what was in place before, and what is in place now.
Scenarios.docx
The SDSL was replaced with a 10MB EFM service. In addition to this, we replaced the old Cisco ASA 5510 which provided VPN connectivity through the Cisco VPN client, with a Sophos UTM 220.
The Sophos UTM provides a number of attractive security enhancements, however the SSL VPN is atrociously slow and sometimes indicates that there has been a disconnection from the server (when opening a file). Also, be aware that some of these file are tiny in size (50-300KB)
As a result of this we have a very frustrated customer. Sophos technical support say, 'it should just work'. We have worked with a 3rd party company contracted by Sophos who have indicated that this is a Windows issue.
In addition to the Sophos UTM, we have tried a Sonicwall NSA 250. This is also slow, but does not disconnect when opening files or browsing the directory srtucture through mapped drives.
A Meraki MX 80 was tried using VPN. This was slightly better, but nothing to write home about.
Windows PPTP was tried. This was slightly better again, but not our chosen method of VPN connectivity.
Can anyone put and end to our misery?
Please see attached, which illustrates what was in place before, and what is in place now.
Scenarios.docx
ASKER
Purchased speed is 10MB synchronous (Ethernet First Mile).
See speed test results attached
Also see file transfer screen shot attached
All tests were conducted from a Windows 7 Pro computer
The file transfer was conducted from a remote fibre ADSL connection with speeds of 25MB download/6MB upload.
Speedtests-Results---Experts-Exc.xlsx
File-transfer-screenshot.docx
See speed test results attached
Also see file transfer screen shot attached
All tests were conducted from a Windows 7 Pro computer
The file transfer was conducted from a remote fibre ADSL connection with speeds of 25MB download/6MB upload.
Speedtests-Results---Experts-Exc.xlsx
File-transfer-screenshot.docx
ASKER
FTP Test
I set up a temporary FTP server behind the default firewall and remotely downloaded a 102MB file over a standard ADSL (with approx 20MB download at the remote site). This took 5 minute 35 seconds. Compared to copying data over a windows mapped drive, this was like lightening.
It seems to me that when connected to the Sophos SSL VPN and browsing windows shared data over mapped drives or UNC path is the main issue.
I set up a temporary FTP server behind the default firewall and remotely downloaded a 102MB file over a standard ADSL (with approx 20MB download at the remote site). This took 5 minute 35 seconds. Compared to copying data over a windows mapped drive, this was like lightening.
It seems to me that when connected to the Sophos SSL VPN and browsing windows shared data over mapped drives or UNC path is the main issue.
So the problem occurs when you a doing a copy, or using a file on a share, as opposed to an ftp up/down load.
Perhaps the mtu size is an issue here.
Take a look at the following.
http://www.elifulkerson.com/projects/mturoute.php
Perhaps the mtu size is an issue here.
Take a look at the following.
http://www.elifulkerson.com/projects/mturoute.php
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We were led to this conclusion by various posts available to the general public. The theory was proved when we replaced the SSL with and iPsec alternative.
If you run speedtest.net from the location, is the performance anywhere near the purchased speeds?