TMG VPN Performance Problem

[BoomAM]

Evening all,
Im trying to solve a rather annoying issue with a TMG box (virtualised).
Basically, the VPN connections are slow. Very slow.

Our 'old' ISA is still running and the settings on both are identical when it comes to VPN options.

Tests to and from the server from within the LAN show that the server can transfer 80MB/s+ out. So that takes hardware performance out the equation. And the older firewall transfers fine, full speed, so thats the net connection out of the equation too.

Anyone got any ideas?

Thanks.

 

[BoomAM]

I'm starting to think it may be a MTU problem...anyone got any thoughts?

##EDIT##
Or just as likely to be the buffer issue here:http://support.microsoft.com/kb/2452980
Alas, neither route fixes the problem.

Anyone?

 

[Knubje]

You mentioned your old ISA (2006?) configuration? Are those servers virutalised? Are they on the same host? Do they all have the same version of VMWare tools (or whatever hyperV equivalent is?)

When you say VPN connection is slow, do you mean the user experience of it? When you connect does it take forever to connect/auth and then forever to do anything once you are connected?

Have you tried running any trace routes from when you are connected to see if any major delays in any networking hops?

Does the same thing happen with one user being connected against your full capacity?

Anything interesting set in the flood mitigation options? Does VPN run through a load balancer or any other hardware before it comes to those servers?

Finally, not teaching to suck eggs, but is there anything of interest in any of the windows server logs?

One last thing I'd do is to run some perfmon counters specifically ones for ISA Firewall, memory and network use.

 

[morfmedia]

Worth trying the usual, disable RSS, TCP Chimney, all the offloads etc on both VM and host etc? I'd be inclined to raise a ticket with MS if you have support, they've always been awesome for us.