Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

verify traffic between DC's over vpn

Status
Not open for further replies.

SmokinRR

Technical User
May 26, 2004
56
US
This may be elementary to some users, but I seem to be having trouble with this. Background, I have two sites, one in Germany, one in US connected by vpn (PIX 515 in US, Watchguard Firebox in Ger) One domain, a DC in each site, as well as Exchange server at each site hosting boxes of users at that site but synchronized.

When we initially set this up, the performance wasn't too bad over the vpn, (moving files and opening shares) considering it was from US to Germany. Lately though, it takes forever to open up shares, and moving files is painfully slow (a 1.6Mb file just took me over a minute and a half to move, this used to take seconds!!)

My question is this, is there an easy way to determine if this is a bandwidth issue, and if it is what is eating up the bandwidth??? Also, what else might be causing this!!

I appreciate any insight,

Thanks

J
 
just some thoughts from past experiences:

Is the vpn tunnel on a public circuit? private point-2-point? CIR is a big factor in bandwidth availability. It may be that you are tunneling over a circuit that was not in full use when it was setup, but now the telcom vendor has sold more %age of the pipe and your packets are falling behind those that may have greater CIR and QOS prioritization, thus increased latency. There are some free bandwidth monitoring tools available. We are using Cacti on a linux box to keep tabs on our circuits.

scottie
 
You could try to trace all traffic on the VPN IP, using the free Ethereal

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
[/sub]
Have a look at the shop @ !
 
It is on a public circuit, so yes, that could be the case I guess, hadn't thought of that.

Marcs41, I'm not familiar with Ethereal, how would I set it up to trace traffic over my vpn?

Thanks for the help guys, I really appreciate it.

J
 
It's quite simple, for this task, all you need to do is let it run a while on your LAN and filter out the IP address of the VPN later.
Or, you could just trace that machine itself of course. The manual is very clear to use.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
[/sub]
Have a look at the shop @ !
 
Does Ethereal work on a switched network though? Or will I have to run it on the DC here to check traffic between it and the other site?

J
 
You can run it wherever you want, but if you only need to trace that one machine, put it on there, it is not a heavy load and very harmless.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
[/sub]
Have a look at the shop @ !
 
I'm going to try that now Marc, I'll let you know how I make out.

J
 
Ok, let it run for 30 -60 minutes or so, beware where you put the log, it can get big!

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
[/sub]
Have a look at the shop @ !
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top