Problem solve Get help with specific problems with your technologies, process and projects.

VPN troubleshooting

This tip discusses two common issues associated with VPN services and suggests resolutions that can be handled by end users.

Have you ever had problems with your VPN connection? How about problems reaching certain parts of the network? What about some applications working over the VPN but others not? How about slow performance?

If you've had any of these problems, join the crowd. VPNs are known for exhibiting a variety of issues that baffle the mind as to what can be the cause. This article will discuss two common issues associated with VPN services and suggest resolutions that can be handled by end users.

Slow performance

One of the most common problems is slow performance. We have all been in this boat. The first thing that I would recommend is testing the performance of the Internet link itself. This is a relatively simple exercise that even the most ignorant end user can execute. Follow these steps:

  1. First disconnect the VPN. We want to ensure that network latency is not the problem, so we do not want any VPN issue to cloud the picture.
  2. Open a DOS prompt. Hit the start button; hit the run icon. When the window comes up, type "cmd" in the window.
  3. Type the following at the command prompt: ping -t you should see output similar to the output below:

    C:\Documents and Settings\Robbie Harrell>ping -t
    Pinging [] with 32 bytes of data:
    Reply from bytes=32 time=94ms TTL=113
    Reply from bytes=32 time=77ms TTL=113
    Request timed out.
    Reply from bytes=32 time=71ms TTL=113
    Reply from bytes=32 time=78ms TTL=113
    Reply from bytes=32 time=77ms TTL=113
    Reply from bytes=32 time=77ms TTL=113
    Request timed out.
    Ping statistics for
    Packets: Sent = 8, Received = 6, Lost = 2 (25% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 71ms, Maximum = 94ms, Average = 79ms

As you can see from this output, I am experiencing an average of 79ms for my packet to go across the internet to Cisco's Web server and back. Not bad. Anything less than 100ms is good. Not great, but good.

If the network is good, you may have issues with your maximum transmission unit (MTU). Some VPN clients have a hard time fragmenting packets and if the MTU is set high (say 1500), the performance may suffer. I always recommend setting the MTU to 1200 on the VPN client. The process for doing this varies by client, so use the help feature to determine how to set it on your client.

Trouble connecting to the Internet while on the VPN

More on this topic

VPN troubleshooting and management links

Crash Course: VPNs

Another common problem is being unable to connect to the Internet after initiating your VPN client, although you could do so beforehand. The root cause can lie in several different areas. A common misconception is that the VPN is just a mechanism to encrypt traffic. This is not true. The VPN client actually establishes a virtual tunnel between your PC and the host site. This means that when you try to access the Internet via the VPN, the far end must have Internet access. For example, if you use an ISP for your Internet carrier, you have immediate access to the Internet via the Internet link. When you initiate your VPN, you are now relying on your organization to provide the Internet access, as the packets have to go all the way back to the home office before being forwarded to the Internet. If the Internet access is down or you are not allowed to access the Internet from a policy perspective, you cannot surf while using the VPN. This can be a pain. In addition, some VPN clients use the VPN server as the default gateway for the VPN client. If the server is the default gateway and is not configured to provide Internet access, the surfing will fail as well.

These are just two of the issues associated with VPNs. While there are many more that can be discussed, these are the two that can be handled from a user's perspective. Good luck and happy troubleshooting.

This was last published in September 2005

Dig Deeper on WAN technologies and services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.