Link to home
Start Free TrialLog in
Avatar of Jason Johanknecht
Jason JohanknechtFlag for United States of America

asked on

Slow VPN connection over Charter Spectrum and Fortinet equipment

Two offices connected using site-2-site VPN on Fortigate 40C devices.  Both units were running flawlessly on Centurylink 6Mbps/768Kbps.  Once we changed over to Spectrum 100Mbps/7Mbps the VPN is 1/10 of the previous performance or worse!  The download speeds are excellent outside of the VPN on both sides.  Charter Spectrum has looked at both sides.  They claim everything is perfect.  The remote office only connects to a Terminal Server using RDP sessions.  If I connect outside of the VPN it is amazing!  However the added security of the VPN is a must.  So this was done as a trial and not acceptable.  Fortinet has been working on this for months and continues to blame Charter.  Over the VPN, the RDP sessions are very slow.  If you attempt to copy a 200MB file over the VPN it will never get past calculating.  If you attempt to copy a 2MB file it may or may not get there.  I have recreated the VPN tunnel and had Fortinet verify things.

Here is what Fortinet says:
The TCP Retransmissions occur when the transmitting server does not receive TCP-ACK from the receiving end. Some possible causes of not receiving TCP-ACK are:

This might be due to bad cabling/interface or duplex mismatch on ISP.


I agree this does sound like a duplex mismatch type end result, but is it possible Charter doesn't know what they have?
SOLUTION
Avatar of Dr. Klahn
Dr. Klahn

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Jason Johanknecht

ASKER

Working with Charter currently to see if they can find anything else.  They confirmed the firmware of the cable modems is set to full duplex (Not auto negotiate).
Now they are saying it is auto negotiate and will check on the duplex.
They are sure everything is Full Duplex.  They claim to not block any packets.  I do have other clients that use Checkpoint VPN, but no site-to-site.  The software client works great with Checkpoint.  They both use IPSEC.  Anyone have any other ideas?  I don't think Charter is even trying to resolve this issue.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Charter finally replaced the modems with Ubee brand, and the VPN works for the first time!  Hard to believe  a modern day cable modem cannot handle IPSEC packets.