Site to Site VPN works. How does traffic been routed?

 
 
eric
      02-24-2004, 02:26 PM
I have set up a site to site VPN for our remote branch using pptp. The
following is the setting:

head quarter                                  branch
T1 (192.168.1.x)                       756K DSL(192.168.2.x)
DC--VPN============internet===========VPN--clients
                   through                    (DHCP)
                permanent VPN

I have the branch DHCP server pointing its DNS to the DC's integrated DNS. If
the name cannot be resolved, it will go to the forwarder.

Everything works fine. My question is how do branch clients access
the internet? Does all the internet traffic route through HQ's T1?
Whenever the branch VPN server is connected to the HQ VPN server, HQ's T1
traffic increases about 50%. Is it normal? Is there any way to tune
it?
tks
eric
 
Tom Thompson
      02-24-2004, 08:59 PM
I think it depends on how you have your branch clients' default gateway
configured.

Please correct me if I'm wrong, but I think if the branch clients have a
default gateway of the branch site router, the branch site clients will use
the DSL link. If the DG is set as the headquarters router then the branch
site clients use the T1.

TomT

Bill Grant
      02-25-2004, 01:17 AM
It depends on how the link is set up. Normally these are set up so
that local machines access the Internet through the local router, and only
inter-office traffic is sent through the VPN link. The only way to know for
sure is to look at the routing table of the routers involved.

Phillip Windell
      02-25-2004, 02:03 PM
It isn't very complex Eric.

If the LAN is a single subnet (looks like yours is) then the clients simply
use the VPN Device as the Default Gateway. The VPN Device itself is smart
enough to know the difference between Internet traffic and your "intranet"
traffic and handle it properly. Routing inside the VPN Device is pretty much
automatic because the VPN link is considered a "Directly Connected Network"
and due to that alone will already have a routing table entry.

Yes, the traffic usage will jump up because you are running both Internet
traffic and "intranet" traffic on the same T1. Also VPN just on its own has
much more overhead in the Protocols than just straight TCP/IP traffic.

VPN is not a very big "performer". It is not as efficient as a private
leased line, but it is cheaper, which is probably the biggest legitimate
attraction to it. But due to all the marketing "hype" everyone is in a mad
scramble to set up VPNs, just like they were all in a mad scramble to get on
the Internet back in the mid 1990's. Then they become confused and
disappointed that it doesn't perform as smoothly and quickly as the older
leased lines.

We have over 20 sites connected by VPN from all across the US and Puerto
Rico. It used to be all done with leased lines, now it is VPN. The change
came due to cost savings, not because VPN is better (because it is not
better).

I guess I have to get on my VPN Soap Box and "spew" once in a while. :-)

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
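
Added example, not part of any post in this thread: the routing-table check suggested above, worked in Python as a longest-prefix-match lookup over two constructed tables for the branch VPN router, showing when branch Internet traffic stays on the DSL line and when it crosses HQ's T1. Only the 192.168.1.x and 192.168.2.x subnets come from the thread; the interface names, metrics, host addresses and the 203.0.113.10 / 198.51.100.7 addresses are assumptions.

```python
import ipaddress

# Constructed routing tables for the branch VPN router. Only the two
# 192.168.x subnets come from the thread; interface names, metrics and the
# 203.0.113.10 HQ endpoint address are assumptions for illustration.
SPLIT_TUNNEL = [
    # (destination prefix, egress interface, metric)
    ("0.0.0.0/0",       "dsl", 1),   # Internet leaves via the local DSL line
    ("192.168.2.0/24",  "lan", 1),   # branch LAN, directly connected
    ("192.168.1.0/24",  "vpn", 1),   # HQ LAN, reached through the tunnel
]
DEFAULT_VIA_TUNNEL = [
    ("0.0.0.0/0",       "dsl", 20),
    ("0.0.0.0/0",       "vpn", 1),   # tunnel default route wins on metric
    ("192.168.2.0/24",  "lan", 1),
    ("192.168.1.0/24",  "vpn", 1),
    ("203.0.113.10/32", "dsl", 1),   # host route that keeps the tunnel itself up
]


def egress(table, dst):
    """Return the interface chosen for dst: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, iface, metric in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -metric, iface))
    return max(matches)[2] if matches else None


def audit(table, internet_probe="198.51.100.7"):
    """Summarise where each class of branch traffic leaves the router."""
    internet = egress(table, internet_probe)
    return {
        "hq_lan": egress(table, "192.168.1.10"),      # constructed HQ host
        "branch_lan": egress(table, "192.168.2.50"),  # constructed branch host
        "internet": internet,
        "internet_crosses_hq": internet == "vpn",
    }


if __name__ == "__main__":
    for name, table in (("split tunnel", SPLIT_TUNNEL),
                        ("default via tunnel", DEFAULT_VIA_TUNNEL)):
        print(name, audit(table))
```

The real tables come from `route print` on each Windows VPN server; whichever site holds the winning default route is also the site whose firewall and logging see the branch's Internet traffic.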
Bill Grant
      02-26-2004, 06:07 AM
Another thing which can make VPN seem slow is using ADSL. ADSL routers
are designed to give you faster download speeds, usually by a factor of 4
(like 64k/256k). If you use these for a VPN link, the VPN traffic runs at
the lower speed, because all traffic is an upload as far as one of the
routers is concerned. Add the inevitable Internet holdups and
encryption/encapsulation overheads and it is not speedy!

Tom Thompson
      02-26-2004, 04:56 PM
True, our offices used this configuration for over a year. I was extremely
slow, so we had to upgrade to a T

Phillip Windell
      02-26-2004, 07:38 PM
That makes me want to check on mine at home. It is supposed to be 256 both
ways, but what they tell me and what really happens could be two different
things. I use only a DSL modem (no router) if that makes any difference,
but I know my VPN performance is miserable.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Bill Grant
      02-27-2004, 12:06 AM
If it's genuine DSL, it should be symmetric (same both ways). The A in
ADSL stands for Asymmetric, indicating not balanced.