Solved

VPN connection freezes after a brief period of time (roughly 15 minutes)

Posted on 2006-06-28
8
2,748 Views
Last Modified: 2008-01-09
I use remote desktop to connect to my work machine over a company VPN.  I am having some difficulties keeping a connection for anything more than a brief period of time.  It will always last about 10 minutes, and occasionally almost 20 minutes, but it usually freezes after about 15 minutes.  The VPN does not disconnect, but the remote desktop becomes unresponsive (grays out) and I can no longer access any network resources.  If I disconnect and reconnect the VPN the remote desktop connection will resume successfully.  I've seen a few posts on here suggesting the culprit might be the DHCP lease time, but I don't have control over any of the company VPN settings.

Local machine: Windows XP, Toshiba cable modem, Linksys Router, Windows firewall disabled
Remote machine: Windows XP, Windows firewall disabled
Company VPN: I'm pretty sure it's Cisco based
0
Comment
Question by:dfu23
8 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 17002449
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 17002481
Unlikely the DHCP lease time would be that short. It could be several things, but my thoughts would be a screen saver kicking in, or MTU settings. If it freezes while working, it is not a screen saver (they can do some weird things with remote desktop). More likely it is the MTU (Maximum Transmission Unit) packet size configuration. The default for most systems is 1500, PPPoE and some VPN connections use lower settings. I would try changing to 1300 and see if there is any improvement. If better, try raising in steps of 20 until the problem re-occurs. This is normally done on the workstation using the DrTCP tool:
http://www.dslreports.com/drtcp
However if you are using the Cisco client you should be able to adjust on the client by right clicking on the Cisco connection and choosing modify. If possible it is also recommended changing the router at your end as well.
0
 
LVL 1

Expert Comment

by:benab
ID: 17004041
Try updating the firmware on the office router and your router.  Also make sure that they are not overheating.  Make sure you have the latest version of your VPN client.  
0
 
LVL 1

Expert Comment

by:mbavisi
ID: 17004976
what kind of client are you using, is it a cisco vpn one
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 14

Author Comment

by:dfu23
ID: 17013333
RobWill,

I started some initial testing (by setting my MTU to 1300) and it appears like it is helping.  Before accepting your answer, I wanted to ask some related follow-up questions.

1. What, if any, benefits are there to using the Cisco VPN client instead of the built-in Windows VPN that I currently use?
2. You recommended I change the router on my home machine.  Is there a particular reason?  Do you have any recommendations?
3. Is there a typical or recommended MTU size when connecting to VPNs?  What factors would affect which MTU settings a typical user would want to choose (specifically with respect to VPNs, not just dial-up vs. broadband)?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17022350
Hi dfu23. I was away fr a day, sorry for the slow response.

1) If you have the option of using the Cisco client it is the better option, though the Windows client should work properly. Using the Cisco client is slightly more secure due to the fact that it uses IPSec rather than PPTP, and the VPN client connects directly to the Cisco router rather that the server behind it so no ports need to be opened. Also, the Cisco client should give you a little better performance, as you have a dedicated device looking after encrypting and un-encrypting. On other, you can better control the client options for the end user with the Cisco client.

2) I apologize, I meant if still having connection issues, try changing the router as a test. Linksys routers are fine for home and small offices. If you did want to switch the best option is a compatible Cisco router. Cisco are the most dependable, secure, and offer the best support. With this you could also establish a site to site tunnel, instead of a client to site. However, this is not necessary.

3) In most cases the MTU is automatically configured and works fine. However, if you are having problems, the recommended procedure is, keep dropping it until your application works. Reducing it substantially can reduce performance with some other applications such as basic web browsing, though between 1300 and 1500 is usually fine for most situations. Some guidelines are:
1500- default for most connections except PPPoE/PPPoA, and VPN's
1492- recommended for PPPoE connections
1472- recommended maximum when wanting to do un-fragmented ping tests
1460- can be used for AOL although may not work with large e-mail attachments
1460- recommended for L2TP VPN's
1430- recommended PPTP VPN's
1400- recommended AOL
 576-  recommended for dial-up connections
0
 
LVL 14

Author Comment

by:dfu23
ID: 17042403
As a final comment, lowering the MTU helped the issue of being disconnected.  The performance was still not particularly good, though.  Switching to the Cisco VPN client resolved the disconnect issue and runs fairly quickly.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17044803
Thanks dfu23.
Sounds like your network or ISP prefers IPSec over PPTP. PPTP is blocked by some ISP's but that would block it all together rather than freeze up. Regardless, glad to hear you have resolved. Thanks for the update, good to know. At least using the Cisco client is a better option rather than having to move to a compromise. If you lowered the MTU while trying to diagnose the problem you should likely raise it back to the default to improve performance.
--Rob
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now