
VPN connection freezes after a brief period of time (roughly 15 minutes)

I use remote desktop to connect to my work machine over a company VPN.  I am having some difficulties keeping a connection for anything more than a brief period of time.  It will always last about 10 minutes, and occasionally almost 20 minutes, but it usually freezes after about 15 minutes.  The VPN does not disconnect, but the remote desktop becomes unresponsive (grays out) and I can no longer access any network resources.  If I disconnect and reconnect the VPN the remote desktop connection will resume successfully.  I've seen a few posts on here suggesting the culprit might be the DHCP lease time, but I don't have control over any of the company VPN settings.

Local machine: Windows XP, Toshiba cable modem, Linksys Router, Windows firewall disabled
Remote machine: Windows XP, Windows firewall disabled
Company VPN: I'm pretty sure it's Cisco based
Rob Williams Commented:
Unlikely the DHCP lease time would be that short. It could be several things, but my thoughts would be a screen saver kicking in, or MTU settings. If it freezes while working, it is not a screen saver (they can do some weird things with remote desktop). More likely it is the MTU (Maximum Transmission Unit) packet size configuration. The default for most systems is 1500; PPPoE and some VPN connections use lower settings. I would try changing to 1300 and see if there is any improvement. If better, try raising in steps of 20 until the problem reoccurs. This is normally done on the workstation using the DrTCP tool:
However, if you are using the Cisco client you should be able to adjust on the client by right-clicking on the Cisco connection and choosing modify. If possible, changing the router at your end as well is also recommended.
Try updating the firmware on the office router and your router.  Also make sure that they are not overheating.  Make sure you have the latest version of your VPN client.  

What kind of client are you using? Is it a Cisco VPN one?
dfu23 (Author) Commented:

I started some initial testing (by setting my MTU to 1300) and it appears like it is helping.  Before accepting your answer, I wanted to ask some related follow-up questions.

1. What, if any, benefits are there to using the Cisco VPN client instead of the built-in Windows VPN that I currently use?
2. You recommended I change the router on my home machine.  Is there a particular reason?  Do you have any recommendations?
3. Is there a typical or recommended MTU size when connecting to VPNs?  What factors would affect which MTU settings a typical user would want to choose (specifically with respect to VPNs, not just dial-up vs. broadband)?
Rob Williams Commented:
Hi dfu23. I was away for a day, sorry for the slow response.

1) If you have the option of using the Cisco client it is the better option, though the Windows client should work properly. Using the Cisco client is slightly more secure due to the fact that it uses IPSec rather than PPTP, and the VPN client connects directly to the Cisco router rather than the server behind it so no ports need to be opened. Also, the Cisco client should give you a little better performance, as you have a dedicated device looking after encrypting and un-encrypting. On other, you can better control the client options for the end user with the Cisco client.

2) I apologize, I meant if still having connection issues, try changing the router as a test. Linksys routers are fine for home and small offices. If you did want to switch the best option is a compatible Cisco router. Cisco are the most dependable, secure, and offer the best support. With this you could also establish a site to site tunnel, instead of a client to site. However, this is not necessary.

3) In most cases the MTU is automatically configured and works fine. However, if you are having problems, the recommended procedure is, keep dropping it until your application works. Reducing it substantially can reduce performance with some other applications such as basic web browsing, though between 1300 and 1500 is usually fine for most situations. Some guidelines are:
1500- default for most connections except PPPoE/PPPoA, and VPN's
1492- recommended for PPPoE connections
1472- recommended maximum when wanting to do un-fragmented ping tests
1460- can be used for AOL although may not work with large e-mail attachments
1460- recommended for L2TP VPN's
1430- recommended PPTP VPN's
1400- recommended AOL
 576-  recommended for dial-up connections
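
An added example, not part of the original answer: a way to measure the MTU a path actually supports instead of stepping it by hand, using the un-fragmented ping test behind the 1472 figure above (1500 minus 28 bytes of IPv4 and ICMP headers). It assumes the target answers ICMP echo; the function names and the simulated path are constructed for illustration.

```python
import platform
import subprocess

IP_ICMP_OVERHEAD = 28          # 20-byte IPv4 header + 8-byte ICMP header
MIN_PAYLOAD = 576 - IP_ICMP_OVERHEAD    # dial-up floor from the list above
MAX_PAYLOAD = 1500 - IP_ICMP_OVERHEAD   # 1472, the un-fragmented ping ceiling


def ping_df(host, payload, timeout_s=2):
    """Send one echo request of `payload` bytes with Don't Fragment set."""
    windows = platform.system() == "Windows"
    if windows:
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    try:
        res = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=timeout_s + 3)
    except subprocess.TimeoutExpired:
        return False
    # Windows ping can exit 0 on an ICMP error reply, so also require "TTL=".
    return res.returncode == 0 and (not windows or "TTL=" in res.stdout)


def largest_payload(probe, lo=MIN_PAYLOAD, hi=MAX_PAYLOAD):
    """Binary-search the largest payload for which probe(payload) is True."""
    if not probe(lo):
        return None            # even the smallest test size does not pass
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid           # mid fits, search upward
        else:
            hi = mid - 1       # mid needs fragmenting, search downward
    return lo


def path_mtu(probe):
    """Convert the largest passing payload into an MTU value."""
    payload = largest_payload(probe)
    return None if payload is None else payload + IP_ICMP_OVERHEAD


def simulated_path(mtu):
    """Constructed stand-in for a real link: drops anything above `mtu`."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    print("simulated PPTP tunnel:", path_mtu(simulated_path(1430)))
    # Real use: path_mtu(lambda size: ping_df("host-behind-vpn", size))
```

The result is an upper bound for the interface setting; a host or firewall that drops ICMP makes every probe fail and the function returns `None`.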
dfu23 (Author) Commented:
As a final comment, lowering the MTU helped the issue of being disconnected.  The performance was still not particularly good, though.  Switching to the Cisco VPN client resolved the disconnect issue and runs fairly quickly.
Rob Williams Commented:
Thanks dfu23.
Sounds like your network or ISP prefers IPSec over PPTP. PPTP is blocked by some ISP's but that would block it altogether rather than freeze up. Regardless, glad to hear you have resolved. Thanks for the update, good to know. At least using the Cisco client is a better option rather than having to move to a compromise. If you lowered the MTU while trying to diagnose the problem you should likely raise it back to the default to improve performance.
Question has a verified solution.