Site to Site VPN works. How does traffic been routed?

I have setup a site to site VPN for our remote branch using pptp. The
following is the setting:

head quarter branch
T1 (192.168.1.x) 756K DSL(192.168.2.x)
DC--VPN============internet===========VPN--clients
through (DHCP)
permanent VPN

I have branch DHCP server pointed its DNS to DC's integrated DNS. If
the name can not be resolved, it will go to forwarder.

Everything works fine. My question is how does branch clients access
internet? Does all the internet traffic route through HQ's T1?
Whenever the branch VPN server connected to HQ vpn server, HQ's T1
traffic increase about 50%. Is it normal? Is there anyway to tune
it?
tks
eric

 

I think it depends on how you have your branch clients default gateway
configured.

Please correct me if I'm wrong, but I think if the branch clients have a
default gateway of the branch site router, the branch site clients will use
the DSL link. If the DG is set as the headquarters router then the branch
site clients use the T1

TomT

 

It depends on how the link is set up. Normally these are set up so
that local machines access the Internet through the local router, and only
inter-office traffic is sent through the VPN link. The only way to know for
sure is to look at the routing table of the routers involved.

 

It isn't very complex Eric.

If the LAN is a single subnet (looks like yours is) then the clients simply
use the VPN Device as the Default Gateway. The VPN Device itself is smart
enough to know the difference between Internet traffic and your "intranet"
traffic and handle it properly. Routing inside the VPN Device is pretty much
automatic because the VPN link is considered a "Directly Connected Network"
and due to that alone will already have a routing table entry.

Yes, the traffic usage will jump up because you are running both Internet
traffic and "intranet" traffic on the same T1. Also VPN just on its own has
much more overhead in the Protocols than just straight TCP/IP traffic.

VPN is not a very big "performer". It is not as efficient as a private
leased line, but it is cheaper, which is probably the biggest legitiment
attraction to it. But due to all the marketing "hype" everyone is in a mad
scramble to setup VPNs, just like they were all in a mad scramble to get on
the Internet back in the mid 1990's. Then they become confused and
disappointed that is doesn't perform as smoothly and quickly as the older
leased lines.

We have over 20 sites connected by VPN from all across the US and Puerto
Rico. It used to be all done with lease lines, now it is VPN. The change
came due to cost savings, not because VPN is better (because it is not
better).

I guess I have to get on my VPN Soap Box and "spew" once in a while.

 

Another thing which can make VPN seem slow is using ADSL. ADSL routers
are designed to give you faster download speeds, usually by a factor of 4
(like 64k/256k). If you use these for a VPN link, the VPN traffic runs at
the lower speed, because all traffic is is an upload as far as one of the
routers is concerned. Add the inevitable Internet holdups and
encryption/encapsulation overheads and it is not speedy!

 

True, our offices used this configuration for over a year. I was extremely
slow , so we had to upgrad to a T

 

That makes me want to check on mine at home. It is supposed to be 256 both
ways, but what they tell me and what really happens could be two different
things. I use only a DSL modem (no router) if that makes any difference,
but I know my VPN performance is miserable.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

 

If it's genuine DSL, it should be symmetric (same both ways). The A in
ADSL stands for Asymmetric, indicating not balanced.