aus3ya
join:2004-03-31
Cerritos, CA
| VPN and FIOS
URL=http://www.speedtest.net]  [/URL]
I need help from the networking gurus at this site. I've had DSL before and had no issues with VPN to my company's server. I use Cisco VPN Client 4.0.5 D to connect. I recently upgraded to FIOS 15/2. When not connected to VPN, the speed is great. But once I'm on VPN, the above speed comes up. Sometimes it's even slower, all the way down to less than 500kbps. My company's internet aggregator, iPass said they do not support FIOS yet because of this issue. They have no idea why this is happening on fiber and not on DSL or Cable. I used my iPass provided router, Zyxel g2000 plus V2, same results. I used my own router, Buffalo WHR-HP-54G on Tomato 1.19, still the same results. The same results with Verizon's Actiontec router.
Cisco connects via IPsec over UDP port 4500 (NAT-PAT?). I have forwarded ports 500, 50, 51, 1700, 1723, 4500. I played with different MTUs, my company's MTU is 1300, TCP window size but still no luck.
Any suggestions would be greatly appreciated. |
|
aus3ya
join:2004-03-31
Cerritos, CA | This is my speed test results when not on VPN.
URL=http://www.speedtest.net]  [/URL] |
|
PetePuma
How many lumps do you want
Premium,MVM
join:2002-06-13
Arlington, VA
edit:
May 12th, @08:41PM
| reply to aus3ya
Is it a split-tunnel VPN, or is all traffic going through the VPN? If all traffic is going through the VPN you'll be limited by the speed at the other end of the connection.
My company uses a Cisco VPN and I'm connecting over FIOS and do not see that kind of speed dropoff. |
|
aus3ya
join:2004-03-31
Cerritos, CA | reply to aus3ya
I think all traffic is going through the VPN. Connection is very erratic. Over the weekend I was able to obtain download speeds over 5mb but then goes down again after awhile. Thanks for the reply PetePuma. |
|
fox7
join:2001-02-12
Culver City, CA | reply to aus3ya
aus3ya:
Like PetePuma said... All traffic in the VPN, then your maximum download speed is your companies maximum upload speed.
fox7 |
|
ponistd
join:2004-01-04
Bethel Park, PA
| reply to aus3ya
Your speed tests when not on VPN are great, and you said you never saw your speeds take such a speed hit when VPN-ing in on DSL or Cable as you as seeing on FiOS. So, you're saying that, before you upgraded to FiOS, you were able to get speeds higher than 3 Mb or 4 Mb on the downstream and upstream?
In any case, I wouldn't be so quick to point the finger at the FiOS connection itself. I had a nightmare of a time with my Cisco VPN Client, too, and couldn't find help anywhere. Luckily, I just stumbled on the solution...
1.) When using the Cisco VPN Client with the supplied Actiontec router, DO NOT, I REPEAT, DO NOT alter the MTU settings when connected to VPN. Running the FiOS Speed Optimizer (on your VPN connection) increases your MTU from 1300 to 1492, and it seems that Actiontecs just choke on that. (I never had any issues with my D-Link or Netgear after running the Optimizer.) So, I would first make sure to set the MTU to 1300 for the Cisco connection. You can use the SetMTU utility provided by Cisco to do this.
2.) Ask your IT people if they have throttled VPN connections to allow for equal distribution of limited bandwidth. During the course of troubleshooting what turned out to be an MTU Conflict, our IT people capped our VPN traffic to around 1.5 Mb in each direction. So, I thought I fixed one problem and encountered another, but, alas, it was a corporate policy that was limiting my bandwidth.
3.) Based on your test results, it is apparent (your ISP changes on your Speedtest results), like everyone else is saying, that your Cisco VPN does not have split tunnels. ALL traffic, regardless of whether it is destined for your company's intranet or not, will go over your VPN connection.
4.) When not on VPN, it never hurts to do a Tracert (open a Command Prompt and type tracert myvpn.mycompany.com, substituting your VPN concentrator's address) to see if there are any sluggish hops between your FiOS connection and your company's VPN concentrator. To find the address of the concentrator, open the Cisco VPN client, switch to Advanced Mode, and you should see the Connection Profile Name as well as the server address.
Best of luck! Let us know what you find out.
-ponistd |
|
aus3ya
join:2004-03-31
Cerritos, CA
| Thanks! ponistd.
My MTU is set at 1300. Tracert did not reveal any sluggish hops. You might be right about my IT people throttling VPN connections. It's hard to get answers from our IT people about this since we're suppose to be asking iPass for support. The person I talked to at our IT helpdesk said employees on Uverse are having the same issue. So, it might be a corporate policy like you said ponistd.
Well, I'm happy with what I have. My VPN works, that's all that matters.
Thanks for all the replies! |
|
elnino
join:2006-08-27
Akron, OH | iPass is just a passthru for authentication. Once you fire up the Cisco VPN client, you're making a connection from your PC to your company's VPN server, not from iPASS. |
|
