Connection timeouts with mobile vpn users

joeyj1970
joeyj1970 used Ask the Experts™
on
We just setup a colocation and all connections from our main site to colocation site seem fine.  When remote user connects I start getting timeouts.  Here is the setup.
At main office we have a Watchguard router, at colocation is a Fortigate router.  The gateway and tunnels are setup for site to site between the 2 and it works.
At the main site on the DC, I have sites and services configured accordingly.  The main site subnet is 192.168.0.0/24 and the remote site is 192.168.10.0/24.  I moved one of the DC's into the server portion of the remote site.  When I connect using the WatchGuard VPN client I get assigned an address on the 192.168.113.0/24 subnet.  I can see all servers and access all machines on the .0.0/24 subnet without issue, when I try and hit the servers on the 10.0/24 subnet I get a few replies and then couple timeouts.  If I try a continuous ping I may get up to 12 replies before getting 2-3 timeouts and then replies again.  Also, if I run a continuous ping from my machine at the office (on the 0.0/24 subnet) I get all replies but will start getting some timeouts if someone connects via the WatchGuard VPN client.  
I am hoping I am just missing a step as this is becoming frustrating.
If anyone can provide any insight it would be greatly appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
You may need to turn NAT traversal ON. Also a site-to-site tunnel will use MAIN Mode. Mobile users use AGGRESIVE Mode. Make sure the mode is correctly set.

Author

Commented:
Thank you John, I will give that a try tomorrow.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Please let us know after you have tried. Thanks.

Author

Commented:
John,  We switched to Aggressive mode and latency still existed.  Turns out they had something wrong on the Fortigate tunnel side.  Once they removed the Tunnel and reconfigured in a different manner, I no longer received any packet loss when remote.'
Thank you for the suggestion.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Thanks for the update and I was happy to help

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial