Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Slow SSL VPN - Windows 2003

Posted on 2014-04-10
6
Medium Priority
?
1,020 Views
Last Modified: 2016-02-25
We have a customer that was forced to move away from a previous internet solution due to the demise of SDSL.

The SDSL was replaced with a 10MB EFM service. In addition to this, we replaced the old Cisco ASA 5510 which provided VPN connectivity through the Cisco VPN client, with a Sophos UTM 220.

The Sophos UTM provides a number of attractive security enhancements, however the SSL VPN is atrociously slow and sometimes indicates that there has been a disconnection from the server (when opening a file). Also, be aware that some of these file are tiny in size (50-300KB)

As a result of this we have a very frustrated customer. Sophos technical support say, 'it should just work'. We have worked with a 3rd party company contracted by Sophos who have indicated that this is a Windows issue.

In addition to the Sophos UTM, we have tried a Sonicwall NSA 250. This is also slow, but does not disconnect when opening files or browsing the directory srtucture through mapped drives.

A Meraki MX 80 was tried using VPN. This was slightly better, but nothing to write home about.

Windows PPTP was tried. This was slightly better again, but not our chosen method of VPN connectivity.

Can anyone put and end to our misery?

Please see attached, which illustrates what was in place before, and what is in place now.
Scenarios.docx
0
Comment
Question by:swan_solutions
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 20

Expert Comment

by:carlmd
ID: 39992452
Are you sure you don't have an ISP issue?

If you run speedtest.net from the location, is the performance anywhere near the purchased speeds?
0
 

Author Comment

by:swan_solutions
ID: 39993505
Purchased speed is 10MB synchronous (Ethernet First Mile).
See speed test results attached
Also see file transfer screen shot attached

All tests were conducted from a Windows 7 Pro computer

The file transfer was conducted from a remote fibre ADSL connection with speeds of 25MB download/6MB upload.
Speedtests-Results---Experts-Exc.xlsx
File-transfer-screenshot.docx
0
 

Author Comment

by:swan_solutions
ID: 39993843
FTP Test
I set up a temporary FTP server behind the default firewall and remotely downloaded a 102MB file over a standard ADSL  (with approx 20MB download at the remote site). This took 5 minute 35 seconds. Compared to copying data over a windows mapped drive, this was like lightening.

It seems to me that when connected to the Sophos SSL VPN and browsing windows shared data over mapped drives or UNC path is the main issue.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 20

Expert Comment

by:carlmd
ID: 39993863
So the problem occurs when you a doing a copy, or using a file on a share, as opposed to an ftp up/down load.

Perhaps the mtu size is an issue here.

Take a look at the following.

http://www.elifulkerson.com/projects/mturoute.php
0
 

Accepted Solution

by:
swan_solutions earned 0 total points
ID: 40169720
Dear All,

We eventually resolved this issue by ditching the SSL VPN solution and moving to a IPSec alternative. This issue was not related to an ISP speed or contention issues, but simply due to incompatibilities between SSL and SMB versions 1 and 2.
0
 

Author Closing Comment

by:swan_solutions
ID: 40178815
We were led to this conclusion by various posts available to the general public. The theory was proved when we replaced the SSL with and iPsec alternative.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question