I have configured a VPN using Cisco 857 routers. There are three sites with two of them being ?spoke? sites and one being the ?hub?. The Hub site also accepts VPN client dial-in.
It all seems to work fine, however I have a question regarding performance more around the available bandwidth than anything. The Hub site is an ADSL router and the upstream connection (which is effectively the other sites downstream connection) is rated at minimum of128kb/s (but I get around 170kb/s of actual file transfer so it?s a fair bit more than that).
The problem is opening files on a Microsoft server across the link is painfully slow. I did a packet capture and to open a 35KB file the traffic back and forward across the MS ?direct hosting? or AD port 445 ends up being around 215KB for the transaction. Talk about overhead!
All other stuff seems to be acceptable across the VPN links e.g. domain authentication, email etc, but then that is either relatively small or not real-time unlike opening your MS Word document. Realistically I guess the available bandwidth is insufficient for this purpose being at best about 60 times slower than a 10MB Ethernet.
What is everybody elses thoughts/experience with this? We can upgrade the plan to a maximum of 512kb/s uplink but I guess the best solution would be a MS terminal server or Citrix server?
Thanks, I might look at this technology next time. In the end we put a MS terminal server in for users at the satellite sites to connect to and they are very happy with that performance as its just screen, mouse and keyboard traffic going across the WAN.
BTW if anybodys interested, if you are running SBS2003 you can put in a Windows 2000 server as a terminal server, and you only have to pay for a Windows 2000 server license; user CALS and TS CALS are legally provided by the SBS2003 server (if you use a Windows 2003 server as the TS you have to pay for TS CALS which are really expensive). We did this to keep costs down for our TS solution.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...