My customer is a small business experiencing problems connecting to their file server through a VPN.
The customer connects easily, but the connection often slows considerably when downloading or uploading (saving) files, when inserting files into an email, etc. Often (20-25 times a day) they have to disconnect and reconnect to the VPN again to make it work faster. The problem is worse around noon.
They have an ADSL 4096/512 connection that works fine (also around noon) surfing the Internet, downloading from FTP, etc.
They are on a LAN (not wireless), but there is a Linksys router connected to the network.
Turning off the firewall doesn't affect the problem.
I experience few or no problems connecting to their VPN from my office or home. I have a 100/10mb connection; not ADSL, but a private network that I share with other people. I use a wireless connection at home, and it seems like the VPN is much more stable.
The strange part is that the VPN is the only network-related element that doesn't work at that office. Any ideas why it is so unstable?
The IPSec specification has a number of ambiguous sections that can cause interoperability problems between implementations. These problems are generally difficult to resolve without watching the VPN in operation. The best way to do this is by examining the logs produced by the VPN and by directly observing its operation with a tool such as tcpdump, Wireshark, EtherPeek or another network trace utility.
You can find guidance on using a line trace tool to track the operation of networking protocols in Rich Stevens' TCP/IP Illustrated, Volume 1 and, in the context of VPNs, my book VPNs Illustrated. One thing to pay particular attention to is the final packet size after the VPN has added its additional headers to the IP datagram. It's important that this size not exceed the interface's MSS as this can cause a significant slowdown.
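The packet-size check described in the answer, worked through as an added example that is not part of the original answer. It assumes ESP tunnel mode with AES-CBC and HMAC-SHA1-96, compares the result against the link MTU in bytes, and uses 1492 as a constructed PPPoE-style MTU for the ADSL line; none of these values are given on the page.

```python
# Added example: ESP tunnel-mode size arithmetic.
# Assumptions (not from the page): AES-CBC (16-byte IV and block size),
# HMAC-SHA1-96 (12-byte ICV), IPv4 without options, constructed MTU values.
OUTER_IP = 20     # new IPv4 header added in tunnel mode
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad length (1 byte) + next header (1 byte)
NAT_T_UDP = 8     # UDP encapsulation header when NAT traversal is in use


def esp_packet_size(inner_len, iv=16, block=16, icv=12, nat_t=False):
    """Bytes on the wire for an inner IP datagram after ESP encapsulation."""
    # Inner datagram plus trailer is padded up to a multiple of the block size.
    to_encrypt = inner_len + ESP_TRAILER
    padded = -(-to_encrypt // block) * block
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv + padded + icv


def max_inner_size(link_mtu, **kw):
    """Largest inner datagram whose encapsulated form still fits in link_mtu."""
    inner = link_mtu
    while inner > 0 and esp_packet_size(inner, **kw) > link_mtu:
        inner -= 1
    return inner


def tcp_mss_for(link_mtu, **kw):
    """TCP MSS that keeps full segments under the MTU (IPv4 20 + TCP 20)."""
    return max_inner_size(link_mtu, **kw) - 40


if __name__ == "__main__":
    cases = [("Ethernet", 1500, False),
             ("PPPoE-style ADSL", 1492, False),
             ("PPPoE-style ADSL + NAT-T", 1492, True)]
    for label, mtu, nat in cases:
        wire = esp_packet_size(1500, nat_t=nat)
        print(f"{label}: 1500-byte inner packet becomes {wire} bytes "
              f"(MTU {mtu}); largest inner {max_inner_size(mtu, nat_t=nat)}, "
              f"TCP MSS {tcp_mss_for(mtu, nat_t=nat)}")
```

A full-sized 1500-byte datagram grows past every MTU in the table, so it is either fragmented or dropped; comparing these figures with the packet lengths seen in a tcpdump or Wireshark capture shows whether that is happening on the customer's line.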