Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


VPN connection freezes after a brief period of time (roughly 15 minutes)

Posted on 2006-06-28
Medium Priority
Last Modified: 2008-01-09
I use remote desktop to connect to my work machine over a company VPN.  I am having some difficulties keeping a connection for anything more than a brief period of time.  It will always last about 10 minutes, and occasionally almost 20 minutes, but it usually freezes after about 15 minutes.  The VPN does not disconnect, but the remote desktop becomes unresponsive (grays out) and I can no longer access any network resources.  If I disconnect and reconnect the VPN the remote desktop connection will resume successfully.  I've seen a few posts on here suggesting the culprit might be the DHCP lease time, but I don't have control over any of the company VPN settings.

Local machine: Windows XP, Toshiba cable modem, Linksys Router, Windows firewall disabled
Remote machine: Windows XP, Windows firewall disabled
Company VPN: I'm pretty sure it's Cisco based
Question by:dfu23
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 30

Expert Comment

ID: 17002449
LVL 77

Accepted Solution

Rob Williams earned 750 total points
ID: 17002481
Unlikely the DHCP lease time would be that short. It could be several things, but my thoughts would be a screen saver kicking in, or MTU settings. If it freezes while working, it is not a screen saver (they can do some weird things with remote desktop). More likely it is the MTU (Maximum Transmission Unit) packet size configuration. The default for most systems is 1500, PPPoE and some VPN connections use lower settings. I would try changing to 1300 and see if there is any improvement. If better, try raising in steps of 20 until the problem re-occurs. This is normally done on the workstation using the DrTCP tool:
However if you are using the Cisco client you should be able to adjust on the client by right clicking on the Cisco connection and choosing modify. If possible it is also recommended changing the router at your end as well.

Expert Comment

ID: 17004041
Try updating the firmware on the office router and your router.  Also make sure that they are not overheating.  Make sure you have the latest version of your VPN client.  
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 17004976
what kind of client are you using, is it a cisco vpn one
LVL 14

Author Comment

ID: 17013333

I started some initial testing (by setting my MTU to 1300) and it appears like it is helping.  Before accepting your answer, I wanted to ask some related follow-up questions.

1. What, if any, benefits are there to using the Cisco VPN client instead of the built-in Windows VPN that I currently use?
2. You recommended I change the router on my home machine.  Is there a particular reason?  Do you have any recommendations?
3. Is there a typical or recommended MTU size when connecting to VPNs?  What factors would affect which MTU settings a typical user would want to choose (specifically with respect to VPNs, not just dial-up vs. broadband)?
LVL 77

Expert Comment

by:Rob Williams
ID: 17022350
Hi dfu23. I was away fr a day, sorry for the slow response.

1) If you have the option of using the Cisco client it is the better option, though the Windows client should work properly. Using the Cisco client is slightly more secure due to the fact that it uses IPSec rather than PPTP, and the VPN client connects directly to the Cisco router rather that the server behind it so no ports need to be opened. Also, the Cisco client should give you a little better performance, as you have a dedicated device looking after encrypting and un-encrypting. On other, you can better control the client options for the end user with the Cisco client.

2) I apologize, I meant if still having connection issues, try changing the router as a test. Linksys routers are fine for home and small offices. If you did want to switch the best option is a compatible Cisco router. Cisco are the most dependable, secure, and offer the best support. With this you could also establish a site to site tunnel, instead of a client to site. However, this is not necessary.

3) In most cases the MTU is automatically configured and works fine. However, if you are having problems, the recommended procedure is, keep dropping it until your application works. Reducing it substantially can reduce performance with some other applications such as basic web browsing, though between 1300 and 1500 is usually fine for most situations. Some guidelines are:
1500- default for most connections except PPPoE/PPPoA, and VPN's
1492- recommended for PPPoE connections
1472- recommended maximum when wanting to do un-fragmented ping tests
1460- can be used for AOL although may not work with large e-mail attachments
1460- recommended for L2TP VPN's
1430- recommended PPTP VPN's
1400- recommended AOL
 576-  recommended for dial-up connections
LVL 14

Author Comment

ID: 17042403
As a final comment, lowering the MTU helped the issue of being disconnected.  The performance was still not particularly good, though.  Switching to the Cisco VPN client resolved the disconnect issue and runs fairly quickly.
LVL 77

Expert Comment

by:Rob Williams
ID: 17044803
Thanks dfu23.
Sounds like your network or ISP prefers IPSec over PPTP. PPTP is blocked by some ISP's but that would block it all together rather than freeze up. Regardless, glad to hear you have resolved. Thanks for the update, good to know. At least using the Cisco client is a better option rather than having to move to a compromise. If you lowered the MTU while trying to diagnose the problem you should likely raise it back to the default to improve performance.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question