Networking Forums

Site-to-site VPN Issue

 
 
rpaz61
Guest
Posts: n/a

 
      01-05-2005, 09:40 PM
Here's the setup:

Main Office

Server:
Windows Server 2003 domain controller
IP address: 192.168.1.10
Subnet mask: 255.255.255.0
Gateway: 192.168.1.1
Services: Active Directory, DNS, DHCP

Clients:
Mixture of PCs running Windows 2000 Professional with SP3 and Windows XP
Professional with SP2

Network:
Dell 16-port switch
SBC 768K SDSL

Firewall:
Sonicwall TZ170 Internet Security Appliance
LAN IP = 192.168.1.1
LAN Subnet Mask = 255.255.255.0
Firmware version: SonicOS Standard 2.2.0.1
Revision: 2.2.0_pp_8s $
ROM version 2.0.0.3
Previous firmware version: 2.0.0.2
Fragment outbound packets larger than WAN MTU: 1
WAN MTU: 1404
CP Wan MTU: 1404
WAN Ignore DF Bit for non-VPN traffic: 1

Site-to-site VPN:
Encrypt/Auth - ESP DES HMAC MD5
Key Exchange: Manual Keys
VPN Terminated at: LAN
netbios off, ApplyNatAndRules off, ForwardPacketsToRemoteVPNs off
TunnelForAllOutboundTraffic off
Authentication of local users off, Authentication of remote users off
remote subnet for netbios 255.255.255.0
destIP begin 192.168.2.1, end 192.168.2.254



Remote Office

Clients:
4 Dell PCs running Windows XP Professional with SP2

Network:
Belkin 8-port 10/100 hub
Choice One 768K SDSL

Firewall:
Sonicwall TZ170 Internet Security Appliance
LAN IP = 192.168.2.1
LAN Subnet Mask = 255.255.255.0
Firmware version: SonicOS Standard 2.2.0.1
Revision: 2.2.0_pp_8s $
ROM version 2.0.0.3
Previous firmware version: 2.0.0.2
Fragment outbound packets larger than WAN MTU: 1
WAN MTU: 1404
CP Wan MTU: 1404
WAN Ignore DF Bit for non-VPN traffic: 1
DHCP Server:
Enable DHCP = 1
Lease Period = 1440 minutes
Range Start = 192.168.2.100
Range End = 192.168.2.110
Interface = LAN
Default Gateway = 192.168.2.1
Subnet Mask = 255.255.255.0
Domain Name = <NULL>
DNS Servers = 192.168.1.10

Site-to-site VPN:
Encrypt/Auth - ESP DES HMAC MD5
Key Exchange: Manual Keys
VPN Terminated at: LAN
netbios off, ApplyNatAndRules off, ForwardPacketsToRemoteVPNs off
TunnelForAllOutboundTraffic off
Authentication of local users off, Authentication of remote users off
remote subnet for netbios 255.255.255.0
destIP begin 192.168.2.1, end 192.168.2.254

A site-to-site VPN between both Sonicwall TZ170 connects the Remote Office
to the Main Office. All four PCs at the Remote Office authenticate across
the VPN to the Windows Server 2003 domain controller. At the Remote Office,
DNS is resolving to the domain controller across the VPN.

Issue:

All users use a Windows-based application that connects to a database on the
Windows Server 2003 domain controller.

There are not any performance issues in the Main Office. There are
performance issues with clients accessing the database and copying/opening
files from the server to the client PC over the VPN from the Remote Office.
We ran a packet trace (netcap.exe on a Windows XP SP2 PC at the Remote Office
and netmon.exe on the Windows Server 2003 domain controller) while copying a
12.7MB file from the server to the client PC. What we found is that the
client PC at the Remote Office is repeatedly sending ACKs across the VPN
tunnel to the domain controller, and yet the domain controller is repeatedly
sending ACKs across the VPN tunnel to the client PC.


We do not know what's causing this issue. Sonicwall states that there's
nothing wrong with their hardware or the VPN tunnel itself.

Does anyone have any ideas?

Thanks in advance!!

Rob

PS - I can send the packet trace capture files if needed. Just let me know.
 
Robert L [MS-MVP]
Guest
Posts: n/a

 
      01-06-2005, 12:20 AM
We have seen many slow issues on DSL VPNs. Adjusting the MTU may or may not fix
the issues. You may try Windows demand-dial VPN.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me unless you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
Reply With Quote
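Added example, not part of any post in this thread: the packet-size arithmetic behind the MTU suggestion, applied to the WAN MTU of 1404 and the "ESP DES HMAC MD5" policy from the first post. It assumes ESP tunnel mode over IPv4 without options or NAT traversal, and that the gateway fragments the outer packet after encapsulation; the AES-CBC/HMAC-SHA1 suite and all function names are illustrative additions for comparison.

```python
"""ESP tunnel-mode size arithmetic for the policy and WAN MTU posted in the thread."""
from __future__ import annotations

from dataclasses import dataclass

IPV4_HEADER = 20        # IPv4 header without options (inner and outer)
TCP_HEADER = 20         # TCP header without options
ESP_HEADER = 8          # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER_FIXED = 2   # pad length (1 byte) + next header (1 byte)


@dataclass(frozen=True)
class EspSuite:
    name: str
    block: int  # cipher block size; the encrypted part is padded to a multiple of it
    iv: int     # explicit IV carried in every packet
    icv: int    # truncated integrity check value appended to every packet


# DES-CBC (8-byte block and IV) with HMAC-MD5-96 (12-byte ICV): the thread's policy.
DES_MD5 = EspSuite("ESP DES HMAC MD5", block=8, iv=8, icv=12)
# Comparison suite only; not a setting taken from the thread.
AES_SHA1 = EspSuite("ESP AES-CBC HMAC SHA1", block=16, iv=16, icv=12)


def encapsulated_size(inner_len: int, suite: EspSuite) -> int:
    """Size of the outer IPv4 packet carrying an inner packet of inner_len bytes."""
    to_encrypt = inner_len + ESP_TRAILER_FIXED
    padded = -(-to_encrypt // suite.block) * suite.block  # round up to a full block
    return IPV4_HEADER + ESP_HEADER + suite.iv + padded + suite.icv


def max_inner_packet(wan_mtu: int, suite: EspSuite) -> int:
    """Largest inner packet whose encapsulated form still fits in wan_mtu."""
    room = wan_mtu - IPV4_HEADER - ESP_HEADER - suite.iv - suite.icv
    if room < suite.block:
        raise ValueError("WAN MTU too small for this ESP suite")
    return (room // suite.block) * suite.block - ESP_TRAILER_FIXED


def max_tcp_mss(wan_mtu: int, suite: EspSuite) -> int:
    """Largest TCP payload per segment that avoids fragmentation of the outer packet."""
    return max_inner_packet(wan_mtu, suite) - IPV4_HEADER - TCP_HEADER


def fragments(packet_len: int, mtu: int) -> list[int]:
    """On-the-wire sizes after IPv4 fragmentation of packet_len to fit mtu."""
    if packet_len <= mtu:
        return [packet_len]
    payload = packet_len - IPV4_HEADER
    per_frag = (mtu - IPV4_HEADER) // 8 * 8  # non-final fragments carry a multiple of 8
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(chunk + IPV4_HEADER)
        payload -= chunk
    return sizes


def report(wan_mtu: int, lan_packet: int, suite: EspSuite) -> dict:
    """Summarise what happens to a full-size LAN packet and what size would fit."""
    outer = encapsulated_size(lan_packet, suite)
    return {
        "suite": suite.name,
        "outer_size_for_lan_packet": outer,
        "outer_fragments": fragments(outer, wan_mtu),
        "max_inner_packet": max_inner_packet(wan_mtu, suite),
        "max_tcp_mss": max_tcp_mss(wan_mtu, suite),
    }


if __name__ == "__main__":
    # 1404 is the WAN MTU from the thread; 1500 is a standard Ethernet LAN packet.
    for suite in (DES_MD5, AES_SHA1):
        print(report(1404, 1500, suite))
```

Under these assumptions, every full-size 1500-byte packet from the server leaves the gateway as two outer packets, while endpoints limited to the computed MSS send segments that fit in one.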
 
Eugene Taylor
Guest
Posts: n/a

 
      01-06-2005, 12:04 PM
Also you might want to look at TS as an alternative.
 
rpaz61
Guest
Posts: n/a

 
      01-06-2005, 04:15 PM
OK. Outside of suggesting using a Terminal Server and changing the MTU
settings (which is currently set to 1404), does anyone have any other
suggestions?

Thanks,

Rob
 
Eugene Taylor
Guest
Posts: n/a

 
      01-06-2005, 05:56 PM
I would also try putting a DC in the remote office. This should help cut
down on the traffic if they are authenticating locally.