Troubleshooting slow response to email via vpn

Unanswered Question
Apr 16th, 2008
User Badges:

I've just adopted a vpn 3000 concentrator, and am totally learing this, so my apologies.


What could be reasons within a VPN enviroment that people are having slow response to email. (excluding issues with servers)


From a network perspective I can trouble shoot slow response, but how would a vpn enviroment be any more different to troubleshoot.


Naturally VPN is going to be much much slower, but taking 10 minutes for multiple users to get their email seems odd. LAN users get there email within seconds

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
lamav Fri, 04/18/2008 - 14:10
User Badges:
  • Blue, 1500 points or more

Hi:


I'll tell you, I used to have the exact same problem at my last company.


We had an Exchange server for email and everyone used Cisco's VPN client.


Email was so slow, it was ridiculous sometimes. Everything else was OK, though. Other applications were OK, and network management was also good. It was just Exchange.


I know that Exchange is notorious for being delay intolerant, but this was bad! and it seemed to get worse with time.


Anyway, I dont know if you have done any troubleshooting yet or not, but you would definitely want to focus on the MTU settings for the VPN connection. Remember that IPSec adds overhead that may cause the ethernet frame to exceed the network's allowable MTU, so the packets get fragmented and reassembled at the receiving end. This can be a very slow process. And some applications are not very tolerant of fragmentation, like SQL and, I think, Exchange, too.


The problem with client VPN is that you would have to adjust each user's PC MTU. With site-to-site VPN, you can, of course, set the maximum segment size of the entire tunnel, so all users sitting behind the tunnel will be forced to conform to the tunnel's stips.


But you can try doing that on a few PCs to see if anything changes. I changed the PCs MTU using freeware called DR. TCP/IP. You can download it for free and it will allow you to change the PCs MTU very easily -- just a few keystrokes, instead of having to go into the registry and get stupid with Windows.


Change the output segment size for the PC to, say, 1400, and see if that improves anything. You would also want to change it on the 3000. I forgot how to do it on the 3000.


Victor

Actions

This Discussion