• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Poor VPN performance for remote users

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Poor VPN performance for remote users Page: [1]
Message << Older Topic   Newer Topic >>
Poor VPN performance for remote users - 23.Jun.2010 9:56:21 AM   


Posts: 15
Joined: 21.Nov.2006
Status: offline
I am running ISA 2006 on a Dell PowerEdge 2950 (dual 2.33 GHz dual-core CPU, 8 GB RAM, dual Broadcom gigabit NIC's in link aggregation, Windows 2003 Enterprise SP2 server). We use ISA as a web proxy for domain filtering, and for routing/remote access. It sits behind a Nokia IP350 running Check Point FW-1 software, and our current internet connectivity is via four bonded T1's with Telepacific connected to an Adtran NetVanta 4305 router. Network backbone is Dell PowerConnect 6248 switches.

Users experience spotty performance on the VPN (through various connection types - cable, DSL, cellular card, and a couple of vendors with T1's of their own). They can get connected fine, but the connection will regularly hang. This shows up as delays in keystrokes being registered (in telnet sessions, or scrolling through an Explorer window running on a RAS connection, for example). For some users, the delays are so bad that their telnet sessions get disconnected.

The only recent change is switching to Telepacific for our internet service. We used to have a single T1 with AT&T connected to a Cisco 2821 router (that also has four point-to-point T1's connected to it). While performance wasn't great, it was at least consistent, and didn't have the delays we're experiencing now. Telepacific has attempted to assist by swapping out routers (another Adtran as well as a Cisco), but the problem remains.

I need suggestions on what to look for. I'm not ruling out an internal problem, but since I am working with a configuration that was stable before, I don't really know where to start. Thanks!
Post #: 1
RE: Poor VPN performance for remote users - 23.Jun.2010 10:45:41 AM   


Posts: 15
Joined: 21.Nov.2006
Status: offline
Also, I just noticed that connections are getting dropped - I had four users on, including a test laptop I have sitting here, and all four got disconnected at the same time.

(in reply to JW)
Post #: 2
RE: Poor VPN performance for remote users - 17.Oct.2010 10:36:20 AM   


Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
I suspect it is the bonding of the 4 T1's.  It may be breaking the state of the VPN Sessions if it jumps to a different line in the middle of the session.  If the bonding is at the Packet Level then change it to Connection level,...if the opposite is true then flip it the other way,...the point is to see if one method is more stabile than the other.

Packet Level = 1 Session spans all lines with packets being sent round-robin down each line.  Advantage is that your throughput (not the same thing as bandwidth) can maybe it 70%-80% of the combined speed of all four lines.

Connection Level = 1 Connection Session uses just one line. Subsequent connections assigned to the next line in round-robin. The thoughput (again, not the same thing as bandwidth) remains at the speed of one line (1.54mbps) but you can run four times the number of sessions before and degradation occurs.  Advantage is that connections can be more stable since they remain on the one line they were associated with when they were initiated.


One lane road with a speed limit of 200mph
Four lane road with a speed limnit of 50mph

Both roads can move exactly the same number of vehicles from point A to point B (Bandwidth) in a given measured amount of time, but the one lane road has 4X's the speed  (throughput) of the four lane road.

But in the end the amount of material (Data) that can be carried across in a measured amount of time is the same depending on how the load is distributed accorss the vehicles (Packets).


Phillip Windell

(in reply to JW)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> Poor VPN performance for remote users Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts