
pix and dns queries


blackrabbit

IS-IT--Management
Aug 22, 2002
204
US
I'm beating my head on the wall about this one. We just started moving to a 2003 Server AD with XP clients. We were on an NT4 domain. We switched one building to the new domain and started making them use roaming profiles. That building has a VPN tunnel from their 501 to our 515. Logging in from there takes almost 5 min over a 1.5 Mbps T1. But from the main office, where the DC/DNS server is, it takes seconds.

The remote computers are getting DHCP via their PIX and yes, they are pointing to our DNS server. I've looked at everything and now I'm starting to think that maybe the PIX is causing a problem with the DNS resolution from the remote site during login while the client tries to find the DC. I'm at my wits' end. I've tried a few things that have sped up the login a little; mine takes about 2 min now instead of 5 min. Our profiles are less than 3 MB. Just thought I'd ask if there is something I have to set in the PIX to allow DNS resolution through the tunnel to our main DNS server.
 
One thing I've seen in similar circumstances that slowed down login A LOT over a VPN was how many security groups the users were in. Try creating a test user, pop them in a single Windows security group, and see if that logs in any faster than your other users. If so, try to minimise the number of security groups the users belong to. I did have a TechNet article explaining why, but can't find it at the moment. The general gist is that during login the user's credentials have to be checked against each security group to determine their rights, and this seems to generate network traffic for some reason. I've seen users take half an hour to log in over a VPN on top of a 512 meg ADSL connection. Took the user out of all the security groups, and they logged in almost as quickly as if they were on the LAN.

Alternatively, you may be onto something with the DNS idea: 2003 Server supports EDNS0, whereas NT servers didn't. I *think* XP clients do too. So your fixup dns statement may be blocking DNS down the VPN. I mentioned that issue a bit more in another post; the links might be useful:


Best of luck mate

chico

CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP ;)
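The EDNS0 / DNS fixup interaction chico raises above, as an added example that is not part of the original thread and not code from either poster: a small Python model of the exchange. It builds the DC locator SRV query an XP client sends at logon (`_ldap._tcp.dc._msdcs.<domain>`) with and without an EDNS0 OPT record, has a simplified DNS server answer it with one SRV record per domain controller, and then applies a length check that emulates the PIX `fixup protocol dns` packet-size limit. The domain name, the eight DC names, the 512-byte limit used as the default, and the simplified server/firewall behaviour are all assumptions made for the example, not facts taken from the thread.

```python
import struct

# Constructed sample data for the example (assumed, not from the thread).
SRV_NAME = "_ldap._tcp.dc._msdcs.corp.example"
DC_TARGETS = ["dc%02d.corp.example" % i for i in range(1, 9)]  # eight DCs
TYPE_SRV, TYPE_OPT = 33, 41
PIX_DEFAULT_MAX = 512  # assumed default packet length allowed by 'fixup protocol dns'


def encode_name(name):
    """DNS wire format for a name: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, edns_udp_size=None, txid=0x1234):
    """Standard query; with edns_udp_size, add an EDNS0 OPT RR advertising that UDP size."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    msg = header + question
    if edns_udp_size:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return msg


def question_end(msg):
    """Offset just past the question section (QDCOUNT == 1, no name compression)."""
    i = 12
    while msg[i] != 0:
        i += msg[i] + 1
    return i + 1 + 4  # terminator plus QTYPE/QCLASS


def has_edns0(msg):
    """True if an OPT RR directly follows the question (sufficient for the queries built here)."""
    arcount = struct.unpack("!H", msg[10:12])[0]
    i = question_end(msg)
    if arcount == 0 or len(msg) < i + 11 or msg[i] != 0:
        return False
    return struct.unpack("!H", msg[i + 1:i + 3])[0] == TYPE_OPT


def server_response(query, targets, port=389):
    """Simplified server: full answer when the client advertised EDNS0; otherwise, if the
    answer would exceed 512 bytes, reply truncated (TC=1, no answers) so the client retries over TCP."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:question_end(query)]
    edns = has_edns0(query)
    answers = b""
    for target in targets:
        rdata = struct.pack("!HHH", 0, 100, port) + encode_name(target)  # priority, weight, port, target
        answers += question[:-4] + struct.pack("!HHIH", TYPE_SRV, 1, 600, len(rdata)) + rdata
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, 0) if edns else b""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(targets), 0, 1 if edns else 0)
    full = header + question + answers + opt
    if not edns and len(full) > 512:
        return struct.pack("!HHHHHH", txid, 0x8380, 1, 0, 0, 0) + question  # TC bit set
    return full


def pix_dns_fixup(msg, maximum_length=PIX_DEFAULT_MAX):
    """Emulates the PIX DNS fixup length check: a DNS packet over the limit is dropped."""
    return len(msg) <= maximum_length


def simulate_lookup(edns_udp_size=None, maximum_length=PIX_DEFAULT_MAX):
    """Return ('delivered', size) if the reply passes the fixup, else ('dropped', size)."""
    query = build_query(SRV_NAME, TYPE_SRV, edns_udp_size)
    response = server_response(query, DC_TARGETS)
    verdict = "delivered" if pix_dns_fixup(response, maximum_length) else "dropped"
    return verdict, len(response)


if __name__ == "__main__":
    print("EDNS0 client, default fixup  :", simulate_lookup(edns_udp_size=4096))
    print("plain client, default fixup  :", simulate_lookup())
    print("EDNS0 client, max-length 4096:", simulate_lookup(4096, maximum_length=4096))
```

Running it shows the failure mode in the thread: the EDNS0 client gets a 622-byte reply that the 512-byte check drops (the client then sits in retries until it falls back), while the non-EDNS0 client gets a 51-byte truncated reply that passes and is followed by a TCP retry. The third call models raising the fixup's length limit, which is the kind of PIX-side change a practitioner would test; with a real PIX, confirm the exact `fixup protocol dns` syntax for your software version before changing it.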
 