My hosted 4.0 website performs better when clients are connected VPN

Hello experts,

I currently have a corporate website that I am hosting on a dedicated IIS server (Windows Server 2008).  I also have a dedicated SQL Server 2008R2 server running on Server 2012.  The website is very data-driven and contains lots of grids and controls from DevExpress.

Recently, users have complained that the site performance, specifically interactions with my aspxgridview controls is extremely slow.  However, if I have those same users connect to my company via VPN and then access the site, everything seems to speed up.

My DNS and domain name is hosted at Network Solutions.  Would anybody have any idea why a corporate intranet site would perform better over a VPN connection that when accessing it directly through the internet?

I've tried searching the web and searching the developers of my controls, but haven't found any leads.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

How do you measure that?
Dan McFaddenSystems EngineerCommented:
Exactly, how you measuring performance?

Remember, user perceived performance does not accurately reflect a real performance issue on your site.  There are many other factors to consider when objectively measuring performance.  Each user experience is subjective and based on a unique set of circumstances, specific to them.  If you can correlate a specific user experience issue across multiple users, then it should be investigated.

Also, what other devices sit between your internet site and the users that are accessing the site without VPN?  Firewall, reverse proxy, load balancer, routers, switches, etc.?

What does the access path look like when access comes over VPN?

Have you analyzed your http logs to see if requests are taking longer to fulfill when accessed from certain IPs?  If you have logging enabled, hopefully you are logging all fields in your https logs.   Can you post some logs?

One might use firefox developer edition and measure page load time 1st time and next time. It will tell where the bottle has its neck.
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

mmichaels1970Author Commented:
Here's a basic measurement.  I go to the website and attempt to refresh a grid.  It takes a full 15-20 seconds before the "loading" panel disappears and my data is presented.

I connect to my corporate network via VPN and reload the page.  I attempt to refresh the same grid and it takes less than one second.

I just feel like there's some sort of DNS issue going on or something.  When I connect vpn and ping my webserver, I obviously get replies from an internal IP address.  When not connected to vpn and I ping, I get replies from my internet IP address.  Both pings are similar in ms with VPN even being a few ms slower.

But the site flies when the vpn connection is made.  This leads me to believe that there must be some sort of DNS issue going on or something unrelated to database speed, IIS speed, etc.
mmichaels1970Author Commented:
I have an ADTRAN firewall between the internet and my server which routes http requests from the internet IP to the correct server over port 80.  Seems like the bottleneck might be there somewhere.  The VPN connection would be going through the firewall through a different port to a different server and then route the http requests internally to the webserver.  Am I making sense?

I'll check my logs and see if there is anything with my firewall configuration that might be worth posting here.
Dan McFaddenSystems EngineerCommented:
That's not a valid test of the page.  There is a good chance that on the refresh thru VPN, you are pulling a cached browser response.

In order for that to be a valid test, you need to do the following:

1. clear all browser cache
2. recycle the appropriate AppPool
3. from an internet location go to the site
4. hit the page and measure the time to complete the page render
5. reload the page but force the browser to ignore any local cache (in IE, hold ctrl while hitting refresh), measure time to render page

6. clear all browser cache
7. recycle the AppPool again
8. connect to VPN
9. hit the page and measure the time to complete the page render
10. reload the page but force the browser to ignore any local cache (in IE, hold ctrl while hitting refresh), measure time to render page

I would also do an NSLOOKUP to verify DNS resolution with and without the VPN connection.

I'd be interested in seeing the http log entries for the test above.  I would be looking at the time-taken field to verify the length of time the request took to fulfill.  Probably the best measure of time available.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.