Like Nick said, try bypassing the VPN... If you can, setup a CSG server and try using that... Besides the VPNs gateway, other things to look at is the firewall and any load-balancers in place. Joe -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of kenw@xxxxxxxx Sent: Sunday, March 13, 2005 11:41 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Can Internet-based WAN links be reliable? I'm looking for anyone who has found a way to get good reliable Citrix performance over the public Internet. Or is that an oxymonon? I have several clients using Internet-based connectivity for Citrix support of small remote offices. And I've just about run out of patience with erratic performance. Some sites seem to perform pretty well, some poorly, and the service is quite variable. Clients complain of jerkiness, slowness, and hung or dropped sessions. I've been using Citrix for 10 years. I've tuned the TCP stacks, set up keepalives, run packet traces, and so on. I've tried monitoring load, ping times and packet loss with MRTG. About the only thing I've ever found that really works is private networks -- but those are bloody expensive. High ping times are a rough predicter of performance problems, especially when combined with packet loss, or when due to very long haul or satellite connections. My endpoints are rarely overloaded, so there's not much I can do there. There are expensive products that claim to optimize intersite performance, but so far as I can see, those are all intended to optimise bandwidth on congested llinks. They really don't seem to offer much for unreliable connections with plenty of spare endpoint bandwidth, or for high-latency satellite links. But I can't claim to have tested them much. All of these offices are using DSL or Cable modems with static IPs and IPsec VPNs between Netopia (R910 or equivalent) NAT routers. In some cases, we also provide connections from remote individual PCs, using PPTP, to those same routers. None of these sites are currently using "bare" ICA sessions through open ports on the routers. I don't believe these issues are related to the use of VPN connections, but I can't swear to it. So I'm looking for success stories. What really works? /kenw Ken Wallewein K&M Systems Integration Phone (403)274-7848 Fax (403)275-4535 kenw@xxxxxxxx www.kmsi.net ******************************************************** This Weeks Sponsor: RTO Software TScale TScale provides a cost-effective way to improve performance, capacity and stability for thin-client servers like Citrix MetaFrame or Microsoft Terminal Services running Windows NT, 2000 or 2003. http://www.rtosoft.com/enter.asp?id)6 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor: RTO Software TScale TScale provides a cost-effective way to improve performance, capacity and stability for thin-client servers like Citrix MetaFrame or Microsoft Terminal Services running Windows NT, 2000 or 2003. http://www.rtosoft.com/enter.asp?id=296 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm