Slow VPN Connection
I have had Windows Server 2012 Essentials setup and running now for over 12 months and have been using the Remote Web Access to share certain files with our employees. When using the RWA you can download files in seconds without issue.
I recently wanted to set up a VPN connection to the server so that I could remote manage the server if needed rather than have to go to the office all the time. I added the role on the server, forwarded port 1723 as needed whilst at the office. Then at home I created a VPN connection on my Windows 7 PC. The VPN connects very quickly without issue but when trying to do anything the lag is very slow. On the laptop I used the cmd prompt so I could ping the server to see what was going on, I get a lot of time outs when doing anything, even when trying to just open a folder that is also shared by RWA and opens without issue.
If I use Remote Desktop it just constantly times out and closes, so can't do anything.
It appears this is just a VPN issue as RWA works perfectly. Any ideas as to what would cause this?
Hi,
Regarding the current issue, I suggest we could refer to the following similar thread to see if it helps. Please follow the suggestions Tiger provided in the thread.
Slow VPN Connection to Windows Server 2008
http://social.technet.microsoft.com/Forums/en-US/3e68223a-26d8-4f39-a476-e7092c44afd9/slow-vpn-connection-to-windows-server-2008?forum=winserversecurity
In addition, here is an article about how to troubleshoot VPN slowness issue.
Why is something so slow over a VPN connection?
http://projectdream.org/wordpress/2007/03/20/why-is-something-so-slow-over-a-vpn-connection/
Hope it helps.
Best Regards,
Andy Qi
TechNet Community Support
Similar Messages
-
Slow transfer speed over VPN connection
Hello,
Recently I set up an SSL VPN to connect to my parent's home network. I have some computers there, and want to try to transfer files between my computer and the one at my parent's. Over the VPN connection, I only get 128kb/s. On both ends, they are 15Mbps connections, and can support internal copies of 4 megs/s. I feel like I should get a better speed than that. I looked around, and people suggested changing the MTU. I have changed the MTU around, and not noticed any increase in the network speed over the VPN. Currently the MTU is at 1500. Below is a copy of my running config. Anything I'm overlooking, or is this speed normal? Sorry, still relatively new to the ASA 5505.
ASA Version 8.2(5)
hostname HardmanASA
enable password #####
passwd ###### encrypted
names
interface Ethernet0/0
switchport access vlan 20
interface Ethernet0/1
switchport access vlan 10
interface Ethernet0/2
switchport access vlan 10
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport access vlan 10
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan10
nameif inside
security-level 100
ip address 192.168.250.1 255.255.255.0
interface Vlan20
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
access-list nat_0 extended permit ip 192.168.250.0 255.255.255.0 192.168.251.0 255.255.255.0
access-list split_tunnel standard permit 192.168.250.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
ip local pool VPN_Pool 192.168.251.100-192.168.251.101 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list nat_0
nat (inside) 10 192.168.250.0 255.255.255.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.250.0 255.255.255.0 inside
http 192.168.251.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.250.0 255.255.255.0 inside
ssh 192.168.251.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
management-access inside
dhcpd dns 8.8.8.8
dhcpd address 192.168.250.20-192.168.250.50 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
svc image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
username ###### password ###### encrypted
tunnel-group AnyConnect type remote-access
tunnel-group AnyConnect general-attributes
address-pool VPN_Pool
tunnel-group AnyConnect webvpn-attributes
group-alias AnyConnect enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:74fc2287573841a837e97887840a2d91
: end
Hi,
Another option is the use of the compression command; this is usually enabled by default, but maybe you can enter it since it is not shown in the running config. The command is compression svc.
Note: The command helps when we have low bandwidth connections; the command reduces the size of the packets. For broadband connections this can decrease regular performance.
Regards,
Sent from Cisco Technical Support iPhone App -
I have a pretty basic server setup. The same setup I've done many times before (although all the others have been on 10.5). Basically the server is also the router. VPN uses the high end of the IP range, DHCP uses the middle. The firewall is set up to give full access to the LAN including VPN connection. And public access is limited. I did map all the important ports, 1701, 4500, 500, GRE... (I forget the full list for L2TP but they're all checked). Oh yeah, I'm talking about L2TP. So I can connect to my VPN fine, but the speed is horribly slow. The most dramatic way to illustrate this is connecting to my server's external IP (I'm in another town currently) in Safari to load the default OS X page. It loads basically instantly. Then load the same page using my server's internal IP address, while connected to the VPN. It loads, but it takes about a full minute to fully load. This is kind of an issue because I was planning on running the iCal servers over the VPN from users' iPhones and iPads. I can't think of anything else that could possibly be slowing this down. It's like my VPN pipe has been top-killed. Yippee for topical humor. Any suggestions?
Hello Shawn
I have joined the screenshots. Thank you!
Site1:
Site2: -
Slow VPN throughput speeds using WRT54GX4
I have a WRT54GX4 and am experiencing slow VPN throughput.
When I connect from my home network to my work network via my company's VPN client I've noticed that the throughput drops significantly. Speed tests to DSL Reports are ~10500 kbit/s download and 950 kbit/s upload when going through the WRT54GX4 not using VPN, but only 250 kbit/s download and 95 kbit/s upload when I connect using my VPN client.
I have used the same laptop computer at various locations away from home and tested through my work VPN connection to DSL Reports and noted that the speeds don't change too much when I switch between direct and VPN.
Next I bypassed the WRT54GX4 router altogether and connected directly to my cable modem at home and repeated the test. This time the speed test using my VPN client was ~9950 kbit/s download and 850 kbit/s upload.
My company has several DS-3 connections that are load sharing and as mentioned above testing from other locations has shown that my office isn't the bottleneck.
Everything points to the WRT54GX4.
Also, my previous router was an early Wireless-G Linksys router - forgot the model - and it did not slow down my VPN like this new one does.
The problem exists in either wired or wireless connection mode.
I recently upgraded with the latest firmware V 1.00.20 but that didn't help.
I have also tried various MTU sizes and auto but nope, no joy there.
By the way, we have both Cisco and Nortel VPN servers at work and I've tried each client on two separate host machines at home and both exhibit the same slow connection.
When I turn off the VPN client everything is great and my speeds are super.
Any ideas?
This may help significantly.
I have DSL, speed is 3 mb. I have a WRT54GS router. When I hardwired the connection from modem to laptop, speed was 3mb - ISP was doing its job. Via wireless connection, speed dropped to 1 mb.
I spoke with Linksys and after some tweaks (upgrading Firmware etc ...) - they said that the drop was not unexpected and this is what I had to accept.
I spoke with my network specialist at work (I am in I.T. myself) and he thought that the router should not eat 2/3 of the speed. This was confirmed by the Geek Squad as well.
Combing through this forum, I came across an interesting article about some tweaks you can do with www.speedguide.net - they have an optimizing tool that has yielded the solution.
Try this ...
http://www.speedguide.net/files/TCPOptimizer.exe
This will download the tool. When you open this up you will see a number of tabs - the general tab yielded the most for me. You will see some radio buttons for current state and proposed state. When you choose apply you will see the registry settings that will be affected - a re-boot is necessary.
So after I did this, I noticed that my wireless speed was up to 2 mb - better but still only 2/3 of what I expected.
About an hour later I went to the basement, did a speedcheck ( www.speedtest.net ) - and I was getting 3 mb!! I went up to the kitchen and ... 3mb. I went to the access point and ... 3mb.
Bottom line: Re-boot helps - but it seems that there is some cycling involved ... so try a little later.
Message Edited by Shamrockoz on 11-09-2007 01:44 PM -
Hello All!
I'm wondering about my VPN.
Firstly, my modem stats are:
up/down
SNR (0.1dB): 69/93
Attenuation (0.1dB): 360/182
Output power: 0/128
Attainable Rate: 14084/1124
It seems to connect (speedtest) at 8Mbps on a good day. Sometimes more like 6. My modem is a TP-Link 8960N and I'm in Sydney.
What I have also found is that using a VPN to the UK (for work) I get down speeds of .8 Mbps only on a good run, and that is very very variable. I've tried three different VPN providers (at various price-points, including Vyprvpn), and they make no appreciable difference. I'd really like a more stable and faster VPN connection to the UK.
This is all on an ipad, since I don't have a desktop for a bit. I did try my ipad (not the VPN) on a friend's cable connection and it was faster, so I don't think it's the ipad... Or??? I'm wondering what I can do about getting the VPN to work better?
Any advice?? Do I need perhaps to open any ports or something?
Thanks!
If you're doing remote file access across a WAN, it's often noticeably slower than local LAN access due not only to usually much lower bandwidth but additional latency.
That noted, one issue that often impacts performance is fragmentation of packets. Ideally, hosts will detect the fragmentation and reduce their packet sizes, but it's better if it doesn't occur to begin with.
This Cisco White Paper will discuss the issue at length: http://www.cisco.com/warp/public/105/pmtud_ipfrag.html -
We have PPTP configured on our Cisco RV042 VPN router. About once a day we have a severe slow down with the VPN connection. I did a tracert from home and found this on the last hop:
13 900ms 1104ms 999ms wsip-[our ip address].dc.dc.cox.net
All hops leading to this are fine. Just the last hop to our ip address. Would this be a problem with our RV042 or with the Cox Cable Modem?
Hello mwsmith23,
I would check your Bandwidth settings first to make sure they are at least set to 10MB over your bandwidth provided by your ISP. So if you get 30 down and 10 up I would set the bandwidth for 40 down and 40 up to eliminate the RV042 throttling your traffic. As the RV042 bandwidth is set in Kbps just take your bandwidth and multiply it by 1024.
After that try the following:
To isolate where the latency is at I would do some pings from the local LAN of the RV042.
Each ping would be:
ping "LAN of RV042" -t -l 1500
ping "DG of the RV042's WAN IP addr" -t -l 1500
ping 8.8.8.8 -t -l 1500
Adjust the 1500 to 1472 or adjust by -10 until a ping goes out successfully. So if 1472 fails attempt with 1462 and so forth.
With this test you can see how the internal LAN is processing the traffic to the LAN of the Modem and then to the cloud. If you are seeing excessive traffic to the Modem and to the cloud then it probably is your modem and you should consult your ISP.
Hope this helps,
Michael D. -
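The stepping-down ping test from the reply above, as an added example that is not part of the original post: a binary search for the largest echo payload that crosses the path with Don't Fragment set (ping -f on Windows, ping -M do on Linux), from which the path MTU and a matching TCP MSS follow. The function names, the 548-byte floor and the simulated 1400-byte path are assumptions made for illustration.

```python
"""Find the largest ICMP payload that crosses a path unfragmented."""
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header
TCP_IP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload, timeout_s=2):
    """Send one echo request of `payload` bytes with Don't Fragment set."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    out = subprocess.run(cmd, capture_output=True, text=True)
    if platform.system() == "Windows":
        # Windows ping can exit 0 on error replies; a real echo reply has a TTL.
        return "TTL=" in out.stdout
    return out.returncode == 0


def find_max_payload(probe, low=548, high=1472):
    """Largest payload in [low, high] for which probe(payload) is True.

    low=548 is an assumed floor (576-byte minimum IPv4 datagram minus 28).
    Returns None when even `low` fails: host down or ICMP filtered.
    """
    if not probe(low):
        return None
    if probe(high):
        return high
    # Invariant: probe(low) is True and probe(high) is False.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def summarize(payload):
    """Translate a working payload size into path MTU and TCP MSS."""
    mtu = payload + IP_ICMP_OVERHEAD
    return {"payload": payload, "path_mtu": mtu,
            "tcp_mss": mtu - TCP_IP_OVERHEAD}


def simulated_path(mtu):
    """Constructed stand-in for a real path: passes packets up to `mtu` bytes."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    if len(sys.argv) > 1:
        host = sys.argv[1]
        best = find_max_payload(lambda size: ping_df(host, size))
    else:
        # No host given: run against a constructed 1400-byte tunnel path.
        best = find_max_payload(simulated_path(1400))
    print(summarize(best) if best is not None else "no reply at minimum size")
```

Run it once against the router's LAN address, once against the WAN default gateway and once against an outside host; the hop where the working payload drops below 1472 is where the smaller MTU sits.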
How to reduce the IPSec VPN connection establishment time
Hi,
I set up an IPSec VPN with NAT-T between two cisco router 871. In particular one router acts as a SERVER and the other one as a CLIENT. All the traffic coming from the hosts connected to the CLIENT-router is sent over the VPN (no split tunnel). Everything works perfectly.
The only problem is the amount of time the VPN takes to establish the first connection between the two routers. In particular it takes about two minutes.
Could anybody tell me if this amount of time can be reduced (with a particular configuration instruction)?
Or this is the minimum amount of time required for the first connection establishment?
Thank you for your help.
Sara,
Two minutes sound like a lot of time even with a super slow Internet connection. Could you share your configs to see if there is anything on the VPN config that is adding such a huge delay? The connection establishment shouldn't take more than a few seconds.
Thanks,
Raga -
I need to work from home 2-3 days a week and moved to Infinity just before Xmas - now I can't sustain a VPN connection, over either wireless or wired ethernet connection.
The connection is made fine, first time, but drops after usually a minute or 2, and after that will not reconnect without a PC reboot (and sometimes not even then.) From the VPN client (Cisco) error messages the client is unable to resolve any of the four VPN gateways that are available.
If I use a mobile dongle to connect the PC to the internet, the VPN stays up - but is too slow to be workable (and expensive) - but that to me rules out any client/PC issues.
I've been through this forum quite extensively and this looks like the problem with "BT Web Address Help" that many others have had - but I can confirm that I have opted-out of this service at least a week ago now, and there's no change in the way VPN behaves.
Please can someone assist on this as I'm unable to do my job without home VPN access - this is making me do an extra two 80 mile round trips each week to connect to the corporate network.
Changing the PC's MTU value might help, or even changing your DSL Router?
http://community.bt.com/t5/BB-in-Home/BT-Home-Hub-2-0-crashes-using-Ethernet/m-p/10660#M6062
http://community.bt.com/t5/BB-in-Home/BT-Broadband-and-MTU/m-p/12660
The Homehub2 often doesn't like transferring large files especially if fragmented, which is more likely when using VPN.
"I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android) -
I have been having difficulty with connecting to servers using VPN. Found a few things:
- VPN connections is fine, I can browse web servers.
- I can connect to other linux-based computers.
- when I connect to a windows based computer, it takes roughly 3:30s to connect.
I created a new account on my mac...connected to VPN, everything works fine.
- this tells me that it is something with my user I am currently using.
Any tips on how to fix this?
I'm pretty sure the problem here is somehow related to my other post, but for shites and grins I would still like to know how I can receive a Slow Server alert when no actual page requests are running and it says there are 0 open connections to any of the datasources.
-
Can anyone suggest a free fast VPN connection
Can anyone suggest a free fast VPN connection.
i want to access streaming video (ie hulu.com)that is blocked in canada. Hotspot Shield works but is way too slow and I get stuttering and frozen video.
Any suggestions would be appreciated
Thanks in advance
Dave
Fast and free? I'm surprised you can even find slow and free. I use StrongVPN. It is fast, but it isn't free at $15/month.
-
Hi there, I am trying to connect to my server at work from home using a vpn connection. It connects fine and the time ticks along, but when I click go - connect to server, it comes up with connection failed. Please help!
... when i click go - connect to server, it comes up with connection failed.
If you're trying to connect to a Bonjour server on the remote network, that won't work over a layer 3 VPN. Use something like Hamachi or one of the SSH-tunnelling Bonjour proxy apps for that. -
Windows 8.1 system unable to access network shares via VPN connection
Is there something inherent to Windows 8.1 that prevents it from accessing shares on a domain?
I know that it cannot join a domain, but does that also mean that it cannot access shares which are on a domain?
My problem is that I have several users that are running windows 8.1 that are connecting to our network via a VPN.
The users have domain accounts but their computers as windows 8.1 cannot be joined to the domain.
So to access network shares they have to use their domain credentials to create a VPN connection.
Once connected the user can RDP to systems on the domain using their domain accounts, so I know that their user names/passwords and permissions are correct. They can access these systems using the computer name, so I don't feel that I have a DNS issue.
They can see the shares on our file server, but when they try to access their departments shared file, they receive an access denied message. There are a few shares that are completely wide open, shared to all users and all departments but they cannot access those shares either.
You can ping the file server, from the client when they are connected to the VPN but you just cannot access any of the shares.
So...
I am thinking that it has something to do with windows 8.1 and not being able to join a domain, but I cannot find anything to explicitly support this thought.
Other users running a variety of different OS (windows 7, OSX, Linux) can all access the shares without any problems via the VPN, so I am a little stumped.
I have done some more testing and oddly enough I can map a drive if I use the IP address, but not the computer name, when checking the check box "connect using different credentials" and providing the user's domain credentials.
This seems to point to a DNS issue, one would think, but I can hit the file share server by name \\fileserver.dev.lan
I can see all the shares, so dns seems to be fine right?
So I don't understand why I can map a drive using the IP address and not the machine name, but yet I can see and ping the server by name?
When I try to create a mapped drive by machine name I receive the following message:
Windows cannot access \\fileserver.dev.lan\all
You do not have permissions to access \\fileserver.dev.lan. contact your network administrator to request access.
But if I use the \\x.x.x.x\all using the very same user and password I get connected with no problem.
This only seems to happen on windows 8.1, which leads me to think that has something to do with OS.
I am thinking about upgrading to windows 8.1 pro, but I don't want to go through the hassle and expense if the OS is not the problem. -
I have been trying to get my computer (os x.7) to establish a remote desktop connection to my work computer via a vpn tunnel. In fact I have just discovered that it works fine if I select to "send all traffic over vpn connection" from the options in the advanced setup of the vpn.
If the option is selected Microsoft's "Remote desktop connection for mac" works just fine. However without selecting the option it is not taking advantage of the tunnel but tries to connect as if the tunnel would not exist.
Now the question is how do I get the program to use the vpn tunnel without checking the above option?
Thanks for any hints and pointers.
Then can her computer be authorized to both accounts?
Absolutely. You can authorize any given computer to up to five iTunes Store accounts.
If purchases are made on her account, to a computer authorized to my account, can I put those songs on my iPod?
If you connect your iPod to her computer, yes. Tracks download only to the computer from which they're purchased, regardless of which iTunes Store account is used for the purchase. Or you could copy the tracks from her computer to yours and then authorize your computer to her iTunes Store account. But that's sort of defeating the original purpose, it would seem to me.
is it better to buy music through Amazon downloads and/or actually purchasing CDs to avoid the security features iTunes puts on its music?
That's certainly an option. If it's an entire album I want, I buy CDs. That way I can import them at the quality I want and to whichever of my systems I want. Amazon or one of the other download stores that offer tracks as MP3 are also an option, though for me download stores are best when you just want a couple of tracks off a given CD. -
Warning: Lenovo system update 5.1 corrupts VPN connection
In MS Windows 8 networking forum are discussed many VPNs problems, when installing 3rd party software.
http://social.technet.microsoft.com/Forums/en-US/w8itpronetworking/threads
After installing Lenovo system update 5.01 my VPN connection stopped working. Returning to restore point helped not.
Jiří Cvrk
TP YOGA S1 .. X220, X61, T22, ms w8nd8ws
It was quite simple.
I was connected to VPN.
I upgraded Lenovo system update in two steps.
I can't connect to VPN anymore.
Jiří Cvrk
TP YOGA S1 .. X220, X61, T22, ms w8nd8ws -
Copy from AFP share to AFP share (via VPN-Connection) - stupid?
Hi there
We set up an OS X server in a remote facility and are connecting to it over a VPN connection (Netgear Firewall).
Everything works fine, there's only one annoying issue: if I want to copy a file from a mounted AFP share (share1) to another mounted AFP share (share2) - both of them residing on the same server - it seems to me that the files are being copied first to my local client and then back to the server again - instead of being copied directly from and to the server...
Is there anything I can do about this issue or am I wrong? Is this a so called "feature" of the Finder itself?
Thanks for any suggestions and regards
Roman
Thanks for your thoughts about higher vs. lower latency networking - I totally agree. It might be a quite uncommon setup; as the server is being "housed" in a datacenter with quite tough restrictions: not only do they charge us for the power consumption, but also for the traffic being generated - which is 250 GB a month. They're providing an uplink with 10mbps (guaranteed), burstable to 100mbits.
Anyway, we're interested in keeping traffic low - hard to do if we cannot let end users do "common" tasks like moving files from one folder to another (of course, it's a sharepoint - but they don't care).
What I'm looking for? Well, I think it will take hours to find out which part of the setup (AFP implementation of the server, AFP on the local machines, either of them on a particular version, the Finder in general...) actually might be responsible for this behavior. And maybe there's a "solution" (if you agree that this is actually a problem) buried somewhere
Regards
Roman