Slow SSL VPN - Windows 2003

We have a customer that was forced to move away from a previous internet solution due to the demise of SDSL.

The SDSL was replaced with a 10MB EFM service. In addition to this, we replaced the old Cisco ASA 5510 which provided VPN connectivity through the Cisco VPN client, with a Sophos UTM 220.

The Sophos UTM provides a number of attractive security enhancements, however the SSL VPN is atrociously slow and sometimes indicates that there has been a disconnection from the server (when opening a file). Also, be aware that some of these file are tiny in size (50-300KB)

As a result of this we have a very frustrated customer. Sophos technical support say, 'it should just work'. We have worked with a 3rd party company contracted by Sophos who have indicated that this is a Windows issue.

In addition to the Sophos UTM, we have tried a Sonicwall NSA 250. This is also slow, but does not disconnect when opening files or browsing the directory srtucture through mapped drives.

A Meraki MX 80 was tried using VPN. This was slightly better, but nothing to write home about.

Windows PPTP was tried. This was slightly better again, but not our chosen method of VPN connectivity.

Can anyone put and end to our misery?

Please see attached, which illustrates what was in place before, and what is in place now.
Scenarios.docx
swan_solutionsAsked:
Who is Participating?
 
swan_solutionsConnect With a Mentor Author Commented:
Dear All,

We eventually resolved this issue by ditching the SSL VPN solution and moving to a IPSec alternative. This issue was not related to an ISP speed or contention issues, but simply due to incompatibilities between SSL and SMB versions 1 and 2.
0
 
carlmdCommented:
Are you sure you don't have an ISP issue?

If you run speedtest.net from the location, is the performance anywhere near the purchased speeds?
0
 
swan_solutionsAuthor Commented:
Purchased speed is 10MB synchronous (Ethernet First Mile).
See speed test results attached
Also see file transfer screen shot attached

All tests were conducted from a Windows 7 Pro computer

The file transfer was conducted from a remote fibre ADSL connection with speeds of 25MB download/6MB upload.
Speedtests-Results---Experts-Exc.xlsx
File-transfer-screenshot.docx
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
swan_solutionsAuthor Commented:
FTP Test
I set up a temporary FTP server behind the default firewall and remotely downloaded a 102MB file over a standard ADSL  (with approx 20MB download at the remote site). This took 5 minute 35 seconds. Compared to copying data over a windows mapped drive, this was like lightening.

It seems to me that when connected to the Sophos SSL VPN and browsing windows shared data over mapped drives or UNC path is the main issue.
0
 
carlmdCommented:
So the problem occurs when you a doing a copy, or using a file on a share, as opposed to an ftp up/down load.

Perhaps the mtu size is an issue here.

Take a look at the following.

http://www.elifulkerson.com/projects/mturoute.php
0
 
swan_solutionsAuthor Commented:
We were led to this conclusion by various posts available to the general public. The theory was proved when we replaced the SSL with and iPsec alternative.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.