Have you ever had problems with your VPN connection? How about problems reaching certain parts of the network? What about some applications working over the VPN but others not? How about slow performance?
If you've had any of these problems, join the crowd. VPNs are known for exhibiting a variety of issues that baffle the mind as to what can be the cause. This article will discuss two common issues associated with VPN services and suggest resolutions that can be handled by end users.
Slow performance
One of the most common problems is slow performance. We have all been in this boat. The first thing that I would recommend is testing the performance of the Internet link itself. This is a relatively simple exercise that even the most ignorant end user can execute. Follow these steps:
- First disconnect the VPN. We want to ensure that network latency is not the problem, so we do not want any VPN issue to cloud the picture.
- Open a DOS prompt. Hit the start button; hit the run icon. When the window comes up, type "cmd" in the window.
- Type the following at the command prompt: ping -t www.cisco.com. you should see output similar to the output below:
C:\Documents and Settings\Robbie Harrell>ping -t www.cisco.com
Pinging www.cisco.com [198.133.219.25] with 32 bytes of data:
Reply from 198.133.219.25: bytes=32 time=94ms TTL=113
Reply from 198.133.219.25: bytes=32 time=77ms TTL=113
Request timed out.
Reply from 198.133.219.25: bytes=32 time=71ms TTL=113
Reply from 198.133.219.25: bytes=32 time=78ms TTL=113
Reply from 198.133.219.25: bytes=32 time=77ms TTL=113
Reply from 198.133.219.25: bytes=32 time=77ms TTL=113
Request timed out.
Ping statistics for 198.133.219.25:
Packets: Sent = 8, Received = 6, Lost = 2 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 71ms, Maximum = 94ms, Average = 79ms
As you can see from this output, I am experiencing an average of 79ms for my packet to go across the internet to Cisco's Web server and back. Not bad. Anything less than 100ms is good. Not great, but good.
If the network is good, you may have issues with your maximum transmission unit (MTU). Some VPN clients have a hard time fragmenting packets and if the MTU is set high (say 1500), the performance may suffer. I always recommend setting the MTU to 1200 on the VPN client. The process for doing this varies by client, so use the help feature to determine how to set it on your client.
Trouble connecting to the Internet while on the VPN
Another common problem is being unable to connect to the Internet after initiating your VPN client, although you could do so beforehand. The root cause can lie in several different areas. A common misconception is that the VPN is just a mechanism to encrypt traffic. This is not true. The VPN client actually establishes a virtual tunnel between your PC and the host site. This means that when you try to access the Internet via the VPN, the far end must have Internet access. For example, if you use an ISP for your Internet carrier, you have immediate access to the Internet via the Internet link. When you initiate your VPN, you are now relying on your organization to provide the Internet access, as the packets have to go all the way back to the home office before being forwarded to the Internet. If the Internet access is down or you are not allowed to access the Internet from a policy perspective, you cannot surf while using the VPN. This can be a pain. In addition, some VPN clients use the VPN server as the default gateway for the VPN client. If the server is the default gateway and is not configured to provide Internet access, the surfing will fail as well.
These are just two of the issues associated with VPNs. While there are many more that can be discussed, these are the two that can be handled from a user's perspective. Good luck and happy troubleshooting.
