VPN Issue, connection unserviceable after initial connection succeeds

VPN Issue, connection unserviceable after initial connection succeeds

Post by Robert L [ » Tue, 12 Sep 2006 22:37:54


his is a multi-part message in MIME format.


It can be MTU issue (check the link below). Also why don't you setup site to site VPN?

VPN connection is disconnected after serveral minutes VPN connection is disconnected after several minutes. We have been seeing more and more cases like this one. We don't really know the causes, ...
www.chicagotech.net/VPN/vpn3minutes.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"astochlia" < XXXX@XXXXX.COM > wrote in message news: XXXX@XXXXX.COM ...
Hi all,
I am having some issues with my point-to-point vpn. I have two
servers set up across the Internet and am trying to connect them using
the persistent vpn connection (branch office type). I have set up the
interfaces and the corresponding user accounts for the "routers" (the
routers are the two servers I am using as endpoints).
I have two server 2003 machines, one natting a 10.100.0.0 (class C)
and another across the Internet that nats a 192 network. I am trying
to have a route so that computers on the 10.100.0.0 net can see
machines on the 192 network.
When I establish the connection, everything works great. I can ping
across the subnets, RDP, exactly what I want(except for DNS, but that's
another issue).
The problem is that after about 10 minutes or so I can't send packets
across the router. The interface still shows as connected, but the 10
subnet can't get to the 192 net, and vice versa.
I used the wiazrd to set this up on both ends. I can't figure this
one out. I thought maybe I needed KB875501, but MS informed me that
particular hotfix is included in SP1.

Any ideas?

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>It can be MTU issue (check the link below). Also why don't you setup site
to site VPN?</DIV>
<DIV> </DIV>
<DIV><A class=l href="http://www.chicagotech.net/VPN/vpn3minutes.htm"><FONT
color=#663399><B>VPN</B> connection is disconnected after serveral
<B>minutes</B></FONT></A>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD class=j><FONT size=-1><B>VPN</B> connection is disconnected after
<B>several minutes</B>. We have been seeing more and more cases like this
one. We don really know the causes, <B>...</B><BR><FONT color=#008000><A
href="http://www.chicagotech.net/VPN/vpn3minutes.htm">www.chicagotech.net/<B>VPN</B>/<B>vpn</B>3<B>minutes</B>.htm</A>
</FONT></FONT></TD></TR></TBODY></TABLE></DIV>
<DIV><BR>Bob Lin, MS-MVP, MCSE & CNE<BR>Networking, Internet, Routing, VPN
Troubleshooting on <A
href="http://www.ChicagoTech.net">http://www.ChicagoTech.net</A> <BR>How to
Setup Windows, Network, VPN & Remote Access on <A
href="http://www.HowToNetworking.com
 
 
 

VPN Issue, connection unserviceable after initial connection succeeds

Post by astochli » Wed, 13 Sep 2006 05:01:43

Hi all,
I am having some issues with my point-to-point vpn. I have two
servers set up across the Internet and am trying to connect them using
the persistent vpn connection (branch office type). I have set up the
interfaces and the corresponding user accounts for the "routers" (the
routers are the two servers I am using as endpoints).
I have two server 2003 machines, one natting a 10.100.0.0 (class C)
and another across the Internet that nats a 192 network. I am trying
to have a route so that computers on the 10.100.0.0 net can see
machines on the 192 network.
When I establish the connection, everything works great. I can ping
across the subnets, RDP, exactly what I want(except for DNS, but that's
another issue).
The problem is that after about 10 minutes or so I can't send packets
across the router. The interface still shows as connected, but the 10
subnet can't get to the 192 net, and vice versa.
I used the wiazrd to set this up on both ends. I can't figure this
one out. I thought maybe I needed KB875501, but MS informed me that
particular hotfix is included in SP1.

Any ideas?

 
 
 

VPN Issue, connection unserviceable after initial connection succeeds

Post by astochli » Wed, 13 Sep 2006 06:40:09

hat is the difference with site-to-site vpn? In essence, isn't what I
am doing a site-to-site? If there is a better way, how do I set that
up?

Robert L [MVP - Networking] wrote:

 
 
 

VPN Issue, connection unserviceable after initial connection succeeds

Post by astochli » Wed, 13 Sep 2006 07:49:15

Yeah, I set this up using the demand-dial interface wizard and then
changed the type to persistent connection. I followed the example from
Microsoft that details setting up a branch office vpn. I don't
understand why it works initially then fails, especially because the
interfaces still show "connected" I rebooted both servers and it has
been working successfully for about 10 hours now, that makes me think
maybe it is an issue with the driver code. I'll look for updated
drivers tomorrow. Other than that, I am at a loss.
I read the article on MTU size, and discerned that the MTU for that
connection is 1372 bytes, I will also make those adjustments. I'll
post back here if I find the culprit. Thanks for the replies.
 
 
 

VPN Issue, connection unserviceable after initial connection succeeds

Post by Robert L [ » Wed, 13 Sep 2006 13:28:07

his is a multi-part message in MIME format.


You may already did. What I mean is Demand-Dial VPN.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"astochlia" < XXXX@XXXXX.COM > wrote in message news: XXXX@XXXXX.COM ...
What is the difference with site-to-site vpn? In essence, isn't what I
am doing a site-to-site? If there is a better way, how do I set that
up?

Robert L [MVP - Networking] wrote:
> It can be MTU issue (check the link below). Also why don't you setup site to site VPN?
>
> VPN connection is disconnected after serveral minutes VPN connection is disconnected after several minutes. We have been seeing more and more cases like this one. We don't really know the causes, ...
> www.chicagotech.net/VPN/vpn3minutes.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "astochlia" < XXXX@XXXXX.COM > wrote in message news: XXXX@XXXXX.COM ...
> Hi all,
> I am having some issues with my point-to-point vpn. I have two
> servers set up across the Internet and am trying to connect them using
> the persistent vpn connection (branch office type). I have set up the
> interfaces and the corresponding user accounts for the "routers" (the
> routers are the two servers I am using as endpoints).
> I have two server 2003 machines, one natting a 10.100.0.0 (class C)
> and another across the Internet that nats a 192 network. I am trying
> to have a route so that computers on the 10.100.0.0 net can see
> machines on the 192 network.
> When I establish the connection, everything works great. I can ping
> across the subnets, RDP, exactly what I want(except for DNS, but that's
> another issue).
> The problem is that after about 10 minutes or so I can't send packets
> across the router. The interface still shows as connected, but the 10
> subnet can't get to the 192 net, and vice versa.
> I used the wiazrd to set this up on both ends. I can't figure this
> one out. I thought maybe I needed KB875501, but MS informed me that
> particular hotfix is included in SP1.
>
> Any ideas?
>
> ------=_NextPart_000_003D_01C6D5B8.3F587BA0
> Content-Type: text/html; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
> X-Google-AttachSize: 3197
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META content="MSHTML 6.00.2900.2963" name=GENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=#ffffff>
> <DIV>It can be MTU issue (check the link below). Also why don't you setup site
> to site VPN?</DIV>
> <DIV> </DIV>
> <DIV><A class=l href="http://www.chicagotech.net/VPN/vpn3minutes.htm"><FONT
> color=#663399><B>VPN</B> connection is disconnected after serve