Solved

Slow SSL VPN - Windows 2003

Posted on 2014-04-10
Last Modified: 2016-02-25
We have a customer that was forced to move away from a previous internet solution due to the demise of SDSL.

The SDSL was replaced with a 10MB EFM service. In addition to this, we replaced the old Cisco ASA 5510 which provided VPN connectivity through the Cisco VPN client, with a Sophos UTM 220.

The Sophos UTM provides a number of attractive security enhancements; however, the SSL VPN is atrociously slow and sometimes indicates that there has been a disconnection from the server (when opening a file). Also, be aware that some of these files are tiny in size (50-300KB).

As a result of this we have a very frustrated customer. Sophos technical support say, 'it should just work'. We have worked with a 3rd party company contracted by Sophos who have indicated that this is a Windows issue.

In addition to the Sophos UTM, we have tried a SonicWall NSA 250. This is also slow, but does not disconnect when opening files or browsing the directory structure through mapped drives.

A Meraki MX 80 was tried using VPN. This was slightly better, but nothing to write home about.

Windows PPTP was tried. This was slightly better again, but not our chosen method of VPN connectivity.

Can anyone put an end to our misery?

Please see attached, which illustrates what was in place before, and what is in place now.
Scenarios.docx
Question by:swan_solutions
 
LVL 20

Expert Comment

by:carlmd
ID: 39992452
Are you sure you don't have an ISP issue?

If you run speedtest.net from the location, is the performance anywhere near the purchased speeds?
0
 

Author Comment

by:swan_solutions
ID: 39993505
Purchased speed is 10MB synchronous (Ethernet First Mile).
See speed test results attached
Also see file transfer screen shot attached

All tests were conducted from a Windows 7 Pro computer

The file transfer was conducted from a remote fibre ADSL connection with speeds of 25MB download/6MB upload.
Speedtests-Results---Experts-Exc.xlsx
File-transfer-screenshot.docx
0
 

Author Comment

by:swan_solutions
ID: 39993843
FTP Test
I set up a temporary FTP server behind the default firewall and remotely downloaded a 102MB file over a standard ADSL (with approx 20MB download at the remote site). This took 5 minutes 35 seconds. Compared to copying data over a Windows mapped drive, this was like lightning.

It seems to me that browsing Windows shared data over mapped drives or UNC paths while connected to the Sophos SSL VPN is the main issue.
0
 
LVL 20

Expert Comment

by:carlmd
ID: 39993863
So the problem occurs when you are doing a copy, or using a file on a share, as opposed to an FTP up/download.

Perhaps the MTU size is an issue here.

Take a look at the following.

http://www.elifulkerson.com/projects/mturoute.php
0
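One way to test the MTU hypothesis raised in the comment above, as an added example that is not code from the thread or from the linked tool: binary-search the largest ICMP payload that crosses the path with Don't Fragment set, then derive the path MTU and the TCP MSS that fits it. The function names, the placeholder host `fileserver.example` and the simulated 1400-byte tunnel are assumptions made for illustration; only the Windows and Linux `ping` flag sets are handled.

```python
import platform
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload, timeout_s=2):
    """Send one echo request with Don't Fragment set; True if a reply came back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    result = subprocess.run(cmd, capture_output=True, text=True)
    # A genuine echo reply prints a TTL; error lines from routers do not.
    return result.returncode == 0 and "ttl=" in result.stdout.lower()


def largest_df_payload(probe, lo=0, hi=1472):
    """Largest payload in [lo, hi] for which probe(size) succeeds, or None."""
    if not probe(lo):
        return None  # host unreachable or ICMP filtered: nothing can be inferred
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def assess(payload):
    """Turn the measured payload into path MTU and the TCP MSS that fits it."""
    if payload is None:
        return None
    mtu = payload + IP_ICMP_OVERHEAD
    return {"path_mtu": mtu, "tcp_mss": mtu - 40, "below_ethernet": mtu < 1500}


if __name__ == "__main__":
    # Constructed stand-in for a tunnel whose usable MTU is 1400 bytes.
    simulated = lambda size: size + IP_ICMP_OVERHEAD <= 1400
    print(assess(largest_df_payload(simulated)))
    # Against a real path (placeholder host), with the VPN connected:
    # print(assess(largest_df_payload(lambda s: ping_df("fileserver.example", s))))
```

Run it once with the VPN connected, probing a host on the far side of the tunnel, and once against the same site without the tunnel; a noticeably smaller `path_mtu` through the tunnel shows how much the encapsulation costs.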
 

Accepted Solution

by:swan_solutions
ID: 40169720
Dear All,

We eventually resolved this issue by ditching the SSL VPN solution and moving to an IPsec alternative. This issue was not related to ISP speed or contention issues, but simply due to incompatibilities between SSL and SMB versions 1 and 2.
0
 

Author Closing Comment

by:swan_solutions
ID: 40178815
We were led to this conclusion by various posts available to the general public. The theory was proved when we replaced the SSL with an IPsec alternative.
0

Question has a verified solution.