Avatar of Jason Johanknecht
Jason Johanknecht
Flag for United States of America asked on

Slow VPN connection over Charter Spectrum and Fortinet equipment

Two offices connected using site-2-site VPN on Fortigate 40C devices.  Both units were running flawlessly on Centurylink 6Mbps/768Kbps.  Once we changed over to Spectrum 100Mbps/7Mbps the VPN is 1/10 of the previous performance or worse!  The download speeds are excellent outside of the VPN on both sides.  Charter Spectrum has looked at both sides.  They claim everything is perfect.  The remote office only connects to a Terminal Server using RDP sessions.  If I connect outside of the VPN it is amazing!  However the added security of the VPN is a must.  So this was done as a trial and not acceptable.  Fortinet has been working on this for months and continues to blame Charter.  Over the VPN, the RDP sessions are very slow.  If you attempt to copy a 200MB file over the VPN it will never get past calculating.  If you attempt to copy a 2MB file it may or may not get there.  I have recreated the VPN tunnel and had Fortinet verify things.

Here is what Fortinet says:
The TCP Retransmissions occur when the transmitting server does not receive TCP-ACK from the receiving end. Some possible causes of not receiving TCP-ACK are:

This might be due to bad cabling/interface or duplex mismatch on ISP.


I agree this does sound like a duplex mismatch type end result, but is it possible Charter doesn't know what they have?
* Fortinet* FortigateVPN

Avatar of undefined
Last Comment
Jason Johanknecht

8/22/2022 - Mon
SOLUTION
Dr. Klahn

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Jason Johanknecht

ASKER
Working with Charter currently to see if they can find anything else.  They confirmed the firmware of the cable modems is set to full duplex (Not auto negotiate).
Jason Johanknecht

ASKER
Now they are saying it is auto negotiate and will check on the duplex.
Jason Johanknecht

ASKER
They are sure everything is Full Duplex.  They claim to not block any packets.  I do have other clients that use Checkpoint VPN, but no site-to-site.  The software client works great with Checkpoint.  They both use IPSEC.  Anyone have any other ideas?  I don't think Charter is even trying to resolve this issue.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER CERTIFIED SOLUTION
Jason Johanknecht

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Jason Johanknecht

ASKER
Charter finally replaced the modems with Ubee brand, and the VPN works for the first time!  Hard to believe  a modern day cable modem cannot handle IPSEC packets.