I need help tweaking Microsoft VPN RAS service on W2k3

Posted on 2005-05-03
Last Modified: 2010-05-18
Experts: (you know who you are:-)

I recently migrated to W2K3 server. I set up Routing & Remote Access service using the default settings.
Without any real intervention it seems to work fairly well for the majority of my remote users. However, the New York office is having problems. There are two users out there and they can't seem to keep a solid connection to our RAS server via PPTP VPN. Two simultaneous connections seem to collide with each other causing intermittent client OS freezing, dropped Outlook communications and/or inconsistent access to the File Shares here in SF. Now one or the other can solidly connect, but not two at the same time.

They connect to the Internet using Verizon DSL. That DSL Modem is set up as a bridge accepting a dynamic IP from Verizon. We put a Linksys router behind the bridge for NAT and DHCP for internal clients. Both client machines run Windows OSes. The problem is certainly looking like it has something to do with how the router or the DSL modem connection handles VPN requests and keep-alives -- it just can't seem to keep a solid line to SF...

So far, I've looked on the server and can see that both client computers can connect to the RRAS server, remarkably even at the same time. Each connection takes a unique VPN5-X port & IP Address from the scope. So I can rule out collision there. I cross-ref'd this with logs written in the Event Viewer and found no "booting" between either client machine.

So my thinking turns to the setup in New York:
1)  Does dynamic DSL have something to do with it?
2)  How about the router itself? (They use a Linksys BEFSR81 behind the Verizon Modem. It's config'd for PPPoE w/ DHCP turned on.)
3)  What sort of network utilities are good to run in such instances? I have a hunch that packets are dropping en masse, how do I prove it...remember, I mentioned that on the client side neither workstation can keep a solid connection before freezing one or the other out (but on the server it still looks like both clients are connecting just fine).
4)  Should I consider asking Verizon to make some changes to the DSL Modem itself? If so, what do you recommend?

That's a hefty chunk to start with.

Any help is greatly appreciated...
-- seismicom --

Question by:seismicom
    LVL 5

    Accepted Solution

    Dynamic IP is probably the problem.  Test or ask Verizon (good luck with that) what their DHCP lease times are.  My bet is that it's a pretty short time and each time the Verizon DSL modem pulls another IP, your PPTP link fails.  

    If this is the case, see if you can upgrade to a business DSL account with static IP for that office.
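One way to test the lease-time hypothesis in the answer above, as an added example that is not part of the original thread: record the office's public IP at intervals and check whether the client-side VPN drops fall inside the intervals where the address changed. The log formats, user names and addresses below are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed samples; the "<ISO timestamp> <value>" format is an assumption.
# Public IP of the remote office, recorded every 10 minutes.
IP_SAMPLES = """
2005-05-03T09:00:00 198.51.100.17
2005-05-03T09:10:00 198.51.100.17
2005-05-03T09:20:00 198.51.100.17
2005-05-03T09:30:00 198.51.100.42
2005-05-03T09:40:00 198.51.100.42
2005-05-03T09:50:00 198.51.100.42
"""
# Times at which each client noticed its VPN session die.
VPN_DROPS = """
2005-05-03T09:07:00 userA
2005-05-03T09:24:00 userB
2005-05-03T09:26:00 userA
2005-05-03T09:48:00 userB
"""

def parse(text):
    """Return time-sorted [(datetime, value)] from '<ISO timestamp> <value>' lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, value = line.split(None, 1)
        rows.append((datetime.fromisoformat(stamp), value))
    return sorted(rows)

def ip_change_windows(samples):
    """Intervals (last sample with old IP, first sample with new IP, old, new)."""
    return [(t0, t1, a, b)
            for (t0, a), (t1, b) in zip(samples, samples[1:]) if a != b]

def classify_drops(drops, windows, slack=timedelta(minutes=1)):
    """Split drops into those that coincide with an IP change and those that do not."""
    explained, unexplained = [], []
    for when, who in drops:
        hit = any(t0 - slack <= when <= t1 + slack for t0, t1, _, _ in windows)
        (explained if hit else unexplained).append((when, who))
    return explained, unexplained

if __name__ == "__main__":
    windows = ip_change_windows(parse(IP_SAMPLES))
    hit, miss = classify_drops(parse(VPN_DROPS), windows)
    print(f"{len(windows)} address change(s); {len(hit)} drop(s) coincide, {len(miss)} do not")
```

Drops that do not line up with any address change are not explained by lease renewal, which points the investigation back at the router (item 2 in the question).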
    LVL 11

    Expert Comment

    by:NetoMeter Screencasts
    I've had exactly the same problem.
    Upgrading the firmware of the router solved the problem.

    Good Luck!

    LVL 4

    Expert Comment

    Check seems two questions are correlated.

    Author Comment

    When I first ordered DSL service from Verizon, they told me that their basic dynamic package would support multiple VPN connections. So I called them out on that but none of the engineers could deny or confirm this statement. In typical fashion, what I got was, "VPN is outside our support SLA". They simply couldn't give me a definitive answer.

    What's important to know is that anytime you set yourself up with dynamically assigned DSL service, you'll probably have problems tunnelling two VPN connections at the same time. Better you upgrade to a static IP address.

    -- seismicom --
