Ok i've been racking my brain for the last 3 days over this and I can't seem to come up with any logical reason why this is happening. So i'm going to ask the question here to see if someone can point me in a different direction.

Here's my story:
I have 2 sites that are connected via a cisco 3005 vpn concentrator. All traffic going down the tunnel is fine except for HTTP traffic. When I try to access our source code control system via a browser it is taking up to 2 mins for it to display my results. This just started to happen on Tuesday and was consistant all day. I rebooted the concentrators Tuesday night and re-established the tunnels but it didn't seem to help.

I've rebooted both border routers and both firewalls. I've got IP accounting running on both routers and i'm not seeing any strange annomolies on either of them. I've ran reports on the T1 utilization for both sites and we are no way near saturating the pipes. My syslogs are not showing anything and my network probe isn't showing any strange packets flying around. I've scanned both networks for any trojans broadcasting or listening and haven't found a thing. I've rebooted the source code control server, looked at default gateways and route tables. Everything checks out fine.

I've gone over the vpn config time and time again and nothing has changed. Actually there is only 2 of us that have rights to change anything on it and neither of us have. There is NO QOS on any of the routers, switches or firewalls.

I've talked to AT&T and had them run some tests on the wire and there is no packet loss but some latency (which is to be expected). I've got my ping plotter and 3dtrace running and my ping times never exceed 200ms.

All other http traffic to the internet is fine, but any http traffic going thru the tunnel is slow. Again all other traffic going thru the tunnel is fine, i.e. rdp, mail, netbios etc..

Hate to dump all of this on you but i'm at a loss here, anyone have anyother ideas on this.


Thanks in advance.