locked
DA Session setup times RRS feed

  • Question

  • How long should a DA session take to establish under optimal conditions?  I realize that network bandwidth, ping times and server load would skew the time considerably, but assuming a high quality dedicated link >10Mbps, little to no traffic on the UAG server and ping times sub 30ms? When a client computer wakes from sleep or hibernation (eg opeing the laptop lid) it can take up to 2 minutes for DA to start working. My only basis for comparison is the sonicwall global VPN client that takes only a few seconds. Why does DA take so long? Is there something that can be done to speed up this connection time?
    Thursday, July 7, 2011 9:42 PM

Answers

  • Typically it only takes a few seconds, if that. As MrShannon said, don't take the Connectivity Assistant's word for it. It's slow to update and sometimes just simply reports incorrectly just for the fun of it.

    It's also important to note that only the first "Infrastructure" IPsec tunnel establishes automatically. Your second "Intranet" IPsec tunnel doesn't establish itself until the user makes an intranet server request. So if you're monitoring IPsec tunnels for your reference as to how long it takes, that also needs to be considered.

    • Marked as answer by Erez Benari Friday, August 26, 2011 11:33 PM
    Monday, July 11, 2011 1:37 PM

All replies

  • how many concurrent users do you have when it's slow?

    did you configure a DNS server ip on the internet facing interface?

    h2h

    Friday, July 8, 2011 8:11 AM
  •  

    Less than 10 users.  It is a two server array with nework load ballancing and the DNS servers are configured on the LAN interface to the WAN per the UAG Guide.

     

     

     

    Friday, July 8, 2011 2:53 PM
  • How are you gauging the time that it takes to turn up DirectAccess?  If you are using the status shown by the DirectAccess Connectivity Assistant, that is not a particularly accurate reflection of when connectiovity is established.  It merly shows when the connetion validation tests complete sucessfully.

    See also http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/58ae4cd8-a4fc-4dde-a00d-157286aa6c74


    MrShannon | Concurrency Blogs | UAG SP1 DirectAccess Configuration Guide
    Sunday, July 10, 2011 4:55 PM
  • Typically it only takes a few seconds, if that. As MrShannon said, don't take the Connectivity Assistant's word for it. It's slow to update and sometimes just simply reports incorrectly just for the fun of it.

    It's also important to note that only the first "Infrastructure" IPsec tunnel establishes automatically. Your second "Intranet" IPsec tunnel doesn't establish itself until the user makes an intranet server request. So if you're monitoring IPsec tunnels for your reference as to how long it takes, that also needs to be considered.

    • Marked as answer by Erez Benari Friday, August 26, 2011 11:33 PM
    Monday, July 11, 2011 1:37 PM