09-17-2004 06:19 AM
I've established a VPN connection with a Cisco PIX Firewall v.6.3.3 using Cisco VPN-Client 4.0.3.
Everything works fine (telnet, ping, http, dns, netbios), but MS-Outlook 2003 sp-3 connecting to MS-Exchange is very slow to start and often a timeout occurs, even on a broadband network. Using Outlook Express there is no problem at all.
Working on the LAN, everything works fine.
MTU on the client has been decreased to 1300 and 576 without success.
Can you help me to isolate the problem?
09-18-2004 08:09 AM
What type of connection is the vpn user using?
If you are using Outlook 2003, you can try setting up cached mode when the user is in the office. That way the user has a copy of everything in their mailbox at that point in time on their machine - then when using the VPN, they are just retrieving new messages.
09-19-2004 05:39 PM
I would run a capture on the firewall interface that leads to the Exchange server, using one VPN client as the source address. Set the ACL that defines interesting traffic like this:
access-list capture_acl01 permit ip host vpnclient any
access-list capture_acl01 permit ip any host vpnclient
Then clear your buffer log, and let the client try to connect. Post the results of the trace here, and also post any relevant info in the logs. What I am looking for in the capture is if I can see where the delay is coming from (client or server). The log info may tell you if you are blocking some traffic that Outlook, but not OE, needs to go thru.
09-22-2004 08:37 AM
Already done!
I've seen a lot of traffic passing through the PIX when launching the Outlook application, but I cannot identify what. I've supposed, as read in another forum, that the Outlook 2000 cache is missing, but I don't understand why we have the same waiting time with a slow connection (modem 56K) and a broadband connection (ADSL 256K).
I've planned to decrease the MTU on the server and VPN client and to try Outlook 2003. Any other suggestions?
09-28-2004 04:41 PM
Can you post the log here? If possible, just have one VPN connection proceed thru, or at least ID the client and the server, so that I can easily ID the conversation.
If possible, post the log as is on the PIX; if not, you can convert it to SNIFFER or Ethereal format, as I have access to both.
Thanks, Ed Hirsel