adelf
asked on
VPN connection fails occasionally !
What happens is that when trying to dial VPN from one of the PC's on the LAN, i succeed occasionally to establish the connection, but in most cases connection fails and what i feel is that the time out value of the VPN server is not letting me to accomplish the process successfully since it works once and fails most of the time especially when the LAN's bandwidth is highly utilized ( congestion )........Is it that the VPN server on the other side of the world requiring authentication in a short period of time that i cannot reach due to the lack of internet bandwidth shared on the network ??? Is there any other reason that could be behind the occasional failure ?? What are the initial steps, or any workaround on the clients PC to improve VPN connectivity response ??
Please advice.
P.s ( when i used a separate ADSL line ( no bandwidth shared with other PCs) i never faced a single login failure to the same VPN server, from same PC )
Please advice.
P.s ( when i used a separate ADSL line ( no bandwidth shared with other PCs) i never faced a single login failure to the same VPN server, from same PC )
ASKER
Ok i talked to the Security administrator and he required having the following protocols and ports opened and enabled to access his vpn server and get through his firewall :
PPTP 1723
Telnet 259
Protocol GRE 47
Today when trying to dial vpn from one of the concerned PC's, i got the authentication window, entered the correct username and password, waited for sometime, seemed to be working but after about 10 secs of negociations, connection failed !!!!
My question now is should those protocols have INBOUND and OUTBOUNT access ??? because what i believe is that our firewall passes only the Outbound packets....Aren't the mentioned protocols enabled by default in the 501 pix firewall ? What should be done ??
PPTP 1723
Telnet 259
Protocol GRE 47
Today when trying to dial vpn from one of the concerned PC's, i got the authentication window, entered the correct username and password, waited for sometime, seemed to be working but after about 10 secs of negociations, connection failed !!!!
My question now is should those protocols have INBOUND and OUTBOUNT access ??? because what i believe is that our firewall passes only the Outbound packets....Aren't the mentioned protocols enabled by default in the 501 pix firewall ? What should be done ??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Robwill,
Its a customized version of client to server VPN connection ( used by a certain company ) and not a cisco or windows client......the error was in german but according to what i was told, it means firewall error, please check your firewall settigns, and the message appeared after the authentication level was accomplished.....
Rajesh,
Unfortunately,its not a cisco client and i didnt find any option to decrease the MTU value on that VPN client software !
Any other hints ?
Its a customized version of client to server VPN connection ( used by a certain company ) and not a cisco or windows client......the error was in german but according to what i was told, it means firewall error, please check your firewall settigns, and the message appeared after the authentication level was accomplished.....
Rajesh,
Unfortunately,its not a cisco client and i didnt find any option to decrease the MTU value on that VPN client software !
Any other hints ?
I'm not quite following here, if it succeeds occasionally then how come there are no firewall problems ?
To reduce the MTU size on the windows box, you can find the information here;
http://www.winguides.com/registry/display.php/280/
Cheers,
Rajesh
To reduce the MTU size on the windows box, you can find the information here;
http://www.winguides.com/registry/display.php/280/
Cheers,
Rajesh
adelf , where you can establish a connection and not maintain it, it does sound like it may be an MTU issue. See if you can adjust on the PC and it's local router using the instructions I provided in my first post or using rsivanandan 's link, and see if there is any improvement. I am assuming this is not a satellite based connection ??
Interested ??
Cheers,
Rajesh
Cheers,
Rajesh
lol @ Rajesh. Lets see if the asker is as well......
It can also be to high an MTU value. (Maximum Transmission Unit) for the connection. Have a look at the following sites for an explanation of the problem, how to test, and how to change. If you wish to make changes, it should be set on the connecting computer ant it's local router if possible.
http://www.dslreports.com/faq/7752
http://www.dslreports.com/faq/5793
http://www.chicagotech.net/vpnslow.htm