We help IT Professionals succeed at work.

Slow VPN connection over Charter Spectrum and Fortinet equipment

Jason Johanknecht
on
1,156 Views
Last Modified: 2017-05-15
Two offices connected using site-2-site VPN on Fortigate 40C devices.  Both units were running flawlessly on Centurylink 6Mbps/768Kbps.  Once we changed over to Spectrum 100Mbps/7Mbps the VPN is 1/10 of the previous performance or worse!  The download speeds are excellent outside of the VPN on both sides.  Charter Spectrum has looked at both sides.  They claim everything is perfect.  The remote office only connects to a Terminal Server using RDP sessions.  If I connect outside of the VPN it is amazing!  However the added security of the VPN is a must.  So this was done as a trial and not acceptable.  Fortinet has been working on this for months and continues to blame Charter.  Over the VPN, the RDP sessions are very slow.  If you attempt to copy a 200MB file over the VPN it will never get past calculating.  If you attempt to copy a 2MB file it may or may not get there.  I have recreated the VPN tunnel and had Fortinet verify things.

Here is what Fortinet says:
The TCP Retransmissions occur when the transmitting server does not receive TCP-ACK from the receiving end. Some possible causes of not receiving TCP-ACK are:

This might be due to bad cabling/interface or duplex mismatch on ISP.


I agree this does sound like a duplex mismatch type end result, but is it possible Charter doesn't know what they have?
Comment
Watch Question

Dr. KlahnPrincipal Software Engineer
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Jason JohanknechtIT Manager

Author

Commented:
Working with Charter currently to see if they can find anything else.  They confirmed the firmware of the cable modems is set to full duplex (Not auto negotiate).
Jason JohanknechtIT Manager

Author

Commented:
Now they are saying it is auto negotiate and will check on the duplex.
Jason JohanknechtIT Manager

Author

Commented:
They are sure everything is Full Duplex.  They claim to not block any packets.  I do have other clients that use Checkpoint VPN, but no site-to-site.  The software client works great with Checkpoint.  They both use IPSEC.  Anyone have any other ideas?  I don't think Charter is even trying to resolve this issue.
IT Manager
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Jason JohanknechtIT Manager

Author

Commented:
Charter finally replaced the modems with Ubee brand, and the VPN works for the first time!  Hard to believe  a modern day cable modem cannot handle IPSEC packets.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions