Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
332
Views
0
Helpful
3
Replies

Slow VPN tunnels

fpineau
Level 1
Level 1

‎05-21-2003 05:27 AM - edited ‎02-21-2020 12:33 PM

This is a weird problem. I have a client site with four users going out over a T1, through a firewall, but with public IP addresses. They're hitting a Cisco VPN concentrator on the remote side. The T1 is provided by the company that manages the building they lease space in. Tunnels are client-to-concentrator, rather than a single site-to-site tunnel. The problem doesn't seem to occur on other users of the remote concentrator. Everything worked fine until about a week ago. Now, they can work for a few minutes, then the tunnel starts slowing way down. Sometimes, one user's VPN tunnel usage seems to actually interfere with the other three (the others work fine until he fires up a tunnel).

Building management swears they haven't changed their firewall config, remote site swears the concentrator config wasn't changed. Normally, I would think it was a PC problem, except it started affecting all four users at this site almost simultaneously. T1 bandwidth usage doesn't appear to be over 50% at any time. Any suggestions on how to troubleshoot or what to look for? Could the building's ISP have made a routing change that would have an effect?

Labels:
0 Helpful
3 Replies 3

p.krane
Level 3
Level 3

‎05-27-2003 10:54 AM

Hi,

Its hard to say from the problem you have described. It may be NAT that is taking a lot of CPU. Or it could be a really bad T1. You may want to check the CRC or Bit errors on the T1.

0 Helpful

fpineau
Level 1
Level 1
In response to p.krane

‎05-27-2003 03:31 PM

Further information has come to light. It now seems that there are other tenants in the building who are having similar issues. It seems more and more likely that the T1 is the culprit, since the building's IT staff allegedly made no network changes.

0 Helpful

fpineau
Level 1
Level 1
In response to fpineau

‎05-29-2003 12:03 PM

So, it turns out that these chowderheads in the building IT department really *did* make changes to both their router and their firewall to add traffic shaping. The guy who made the changes is the one who lied right to my face when he said they hadn't touched anything for months. As soon as they backed out the changes, the VPN connections started working again.

You know, my job would be a lot easier if people would give me all the information they have.

0 Helpful
Customers Also Viewed These Support Documents