Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 9862 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Applications run slowly on IPSec tunnel

ZadokXerxes

I have configured a site to site VPN between my head office and branch office.

 

However, apps run very slowly at the branch office, when they are accessed from a drive at the Head office.

 

Microsoft Office is an example of this.

 

Can I get suggestions to speed this up, or are there particular configurations I need to make?



This thread was automatically locked due to age.
  • 0

    vpn tunnels rely highly on internet speed. (upload and download) - one thing also to consider is bottlenecks in some links in transit.

    could you share your branch and hq xg model, number of users accessing the app, and internet speed (both branch and hq)

     

    regards

  • 0 in reply to Ashen1

    HQ Model: XG210

    Branch Model: XG85

    Users so far on the branch are just three, just person accessing the app at the moment.

    Remember I said office is one of the apps. There are others too.

     

    How do I deal with these bottlenecks you have spoken about?

  • 0 in reply to ZadokXerxes

    Hey  

    To add to what Raphael has already mentioned:

    You would first have to locate what these bottlenecks are in your network (bandwidth, hardware, ISP performing QoS).

    You mention that only your branch users are affected, when they try to access apps/data from a drive located in your HQ?

    • What is the bandwidth for branch's ISP connection?
    • How is bandwidth for non-VPN destined traffic?
    • How are speeds for your HQ users to your branch site?

    I'd also suggest to look online for more information regarding IPsec VPN bandwidth testing and useful tools to help to you (ex: iPerf).

    Regards,

  • 0

    You possibly have packet fragmentation issues that's causing the slowness.

     

    I'd suggest reading up on Path MTU Discovery, verifying it's working in your environment and get it working if it isn't.

    Quickest way to check/verify MTU issues would be get a system at each site reconfigured to use an MTU of 1280 (low enough to account for most overheads incurred by VPN protocols and other encapsulation methods), then test throughput/latency between these two systems. Compare measurements between these two systems with the default MTU.

  • 0

    Another likely culprit for slow access is high latency.

    Accessing Windows file shares in a high latency environment can be painful, due to the chatty nature of the SMB protocol, especially for the older versions (SMBv1 is awful, and should be culled with extreme prejudice given its gaping security holes).

    Another possible cause is that Offline Files are being used, but the latency thresholds aren't set correctly.

    Then there's the annoyingly difficult hard to track down problem of only certain spreadsheets are slow, caused by the fact that the spreadsheet has Share Workbook turned on, or the spreadsheet is linked to lots of other spreadsheets located on the far end of a VPN link and it's automatically refreshing the links.

    Without more information, or some specific examples of slowness, it's really hard to work out what the root cause is.

  • 0 in reply to ChrisKnight

    Let me give a specific example.

     

    At the HO, when I transfer a file from the server, to my desktop, it takes tops 10 seconds to complete.

    At the BO, when I transfer the same file, from the server, it takes about ten minutes.

     

    Internet speed at both ends are 5Mbps. 

    I still am not getting what is wrong about this. 

     

     

    ChrisKnight said:

    Another likely culprit for slow access is high latency.

    Accessing Windows file shares in a high latency environment can be painful, due to the chatty nature of the SMB protocol, especially for the older versions (SMBv1 is awful, and should be culled with extreme prejudice given its gaping security holes).

    Another possible cause is that Offline Files are being used, but the latency thresholds aren't set correctly.

    Then there's the annoyingly difficult hard to track down problem of only certain spreadsheets are slow, caused by the fact that the spreadsheet has Share Workbook turned on, or the spreadsheet is linked to lots of other spreadsheets located on the far end of a VPN link and it's automatically refreshing the links.

    Without more information, or some specific examples of slowness, it's really hard to work out what the root cause is.

     

  • 0 in reply to ZadokXerxes

    Hi Mate,

     

    You mean both ends has 5mbps upload and download? I suggest to set a bandwidth priority for the Firewall Rules. LAN TO VPN and VPN TO LAN.

     

     

     

  • 0 in reply to ZadokXerxes

    ZadokXerxes said:

    Let me give a specific example.

     

    At the HO, when I transfer a file from the server, to my desktop, it takes tops 10 seconds to complete.

    At the BO, when I transfer the same file, from the server, it takes about ten minutes.

     

    Internet speed at both ends are 5Mbps. 

    I still am not getting what is wrong about this. 

     

    Where is the server in relation to your desktop at HO?  On the same LAN/Switch?

  • 0 in reply to Bill Roland

    Yes.

    Same LAN.

    Server and desktop are on the HO network.

  • 0 in reply to ChrisKnight

    So what do you suggest to be done if this were the problem?