02-05-2007 02:14 PM - edited 02-21-2020 02:51 PM
I have a VPN 3005 concentrator and have about 11 people that connect using the Sprint broadband PC Card. All users are running Windows XP with Service Pak 2 and are using the Windows VPN client (so PPTP). All users are complaining about very slow download of files over the VPN. Web browsing works fine, but trying to move around the intranet is a killer.
I put a 4M test file on our web site to try to test this out. When the users are connected to the internet using their Sprint card I had them download the file. When NOT connected to the VPN we are seeing 120-140K in speed. When connected to the VPN (so copying over the VPN tunnel) we are seeing speeds drop to 27K.
I could understand a minor drop due to the extra overhead but this is ridiculous. Is this PPTP and will switching to IPSEC help? Is this just always going to be the way with the PCCard connectivity? Is this only Sprint and should we get a different vendor? I can not tell what VPN part is stopping it so need a little assistance on this one.
Thanks much
Dave
02-10-2007 01:57 PM
It depends on a couple things.
1. How fast is the server uploading the files? If you don't have a server than is on a big enough pipe that would slow things down.
2. EV-DO networks weren't meant for uploading either... the client still needs to upload data in order to get a response from the server.
3. Which encryption are you using? Its possible to slow a network down when using AES because its such a demanding protocol.
02-12-2007 06:42 AM
Lets see if I can answer the questions well enough:
1. The server has 2 1.8G processors in it and 2.5G of RAM. The network connection is 100M, so that may be slowing it down a little. Everything seems to be working fine here and the server does not get maxed out on network of processor power
2. True. The slowness issue only occurs when the VPN is connected. Without the VPN but using the sprint card we get 130K throughput but with the VPN connected it drops down to 27K. Each time the traffic requests should be the same, but it may be broken up differently for the VPN traffic. I do not know enough to understand how the packets will be different besides the VPN encryption.
3. These users are using PPTP and the MSChapv2 authentication scheme. PPTP encryption is turned on with both 48 and 128 bit encryption checked. I can try to move them to IPSEC where they will be using 3DES-MD5 encryption.
Hope this makes sense. I just can not figure out how the VPN concentrator can kill off 75% of the traffic flow. Works great when not usign the sprintcard from these machines and connected to the VPN. Works well enough to hit our sites and download files when using the Sprintcard and no VPN. But combining the two is the killer. I'm just so confused.
Dave
02-14-2007 08:28 PM
You have a 100meg upload capacity? I highly doubt that... remember upload speeds are usually far different from download speeds. What you are describing is most likely your internal network speed, not the internet line.
02-15-2007 06:33 AM
You are correct. I forgot to add that to the message. Our internet connection is a DS3 circuit capable of 54M. Plenty of room for a higher transmission rate. We have gotten up to 40M once on the circuit load but other than that we should be able to take whatever is thrown at us.
I have a ticket open with Sprint but they keep on going back to a slowness issue and checking their cell towers.
Anyway, would you know the difference between IPSEC and PPTP?
Thanks much
Dave
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide