dfu23
asked on
VPN connection freezes after a brief period of time (roughly 15 minutes)
I use remote desktop to connect to my work machine over a company VPN. I am having some difficulties keeping a connection for anything more than a brief period of time. It will always last about 10 minutes, and occasionally almost 20 minutes, but it usually freezes after about 15 minutes. The VPN does not disconnect, but the remote desktop becomes unresponsive (grays out) and I can no longer access any network resources. If I disconnect and reconnect the VPN the remote desktop connection will resume successfully. I've seen a few posts on here suggesting the culprit might be the DHCP lease time, but I don't have control over any of the company VPN settings.
Local machine: Windows XP, Toshiba cable modem, Linksys Router, Windows firewall disabled
Remote machine: Windows XP, Windows firewall disabled
Company VPN: I'm pretty sure it's Cisco based
Local machine: Windows XP, Toshiba cable modem, Linksys Router, Windows firewall disabled
Remote machine: Windows XP, Windows firewall disabled
Company VPN: I'm pretty sure it's Cisco based
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try updating the firmware on the office router and your router. Also make sure that they are not overheating. Make sure you have the latest version of your VPN client.
what kind of client are you using, is it a cisco vpn one
ASKER
RobWill,
I started some initial testing (by setting my MTU to 1300) and it appears like it is helping. Before accepting your answer, I wanted to ask some related follow-up questions.
1. What, if any, benefits are there to using the Cisco VPN client instead of the built-in Windows VPN that I currently use?
2. You recommended I change the router on my home machine. Is there a particular reason? Do you have any recommendations?
3. Is there a typical or recommended MTU size when connecting to VPNs? What factors would affect which MTU settings a typical user would want to choose (specifically with respect to VPNs, not just dial-up vs. broadband)?
I started some initial testing (by setting my MTU to 1300) and it appears like it is helping. Before accepting your answer, I wanted to ask some related follow-up questions.
1. What, if any, benefits are there to using the Cisco VPN client instead of the built-in Windows VPN that I currently use?
2. You recommended I change the router on my home machine. Is there a particular reason? Do you have any recommendations?
3. Is there a typical or recommended MTU size when connecting to VPNs? What factors would affect which MTU settings a typical user would want to choose (specifically with respect to VPNs, not just dial-up vs. broadband)?
Hi dfu23. I was away fr a day, sorry for the slow response.
1) If you have the option of using the Cisco client it is the better option, though the Windows client should work properly. Using the Cisco client is slightly more secure due to the fact that it uses IPSec rather than PPTP, and the VPN client connects directly to the Cisco router rather that the server behind it so no ports need to be opened. Also, the Cisco client should give you a little better performance, as you have a dedicated device looking after encrypting and un-encrypting. On other, you can better control the client options for the end user with the Cisco client.
2) I apologize, I meant if still having connection issues, try changing the router as a test. Linksys routers are fine for home and small offices. If you did want to switch the best option is a compatible Cisco router. Cisco are the most dependable, secure, and offer the best support. With this you could also establish a site to site tunnel, instead of a client to site. However, this is not necessary.
3) In most cases the MTU is automatically configured and works fine. However, if you are having problems, the recommended procedure is, keep dropping it until your application works. Reducing it substantially can reduce performance with some other applications such as basic web browsing, though between 1300 and 1500 is usually fine for most situations. Some guidelines are:
1500- default for most connections except PPPoE/PPPoA, and VPN's
1492- recommended for PPPoE connections
1472- recommended maximum when wanting to do un-fragmented ping tests
1460- can be used for AOL although may not work with large e-mail attachments
1460- recommended for L2TP VPN's
1430- recommended PPTP VPN's
1400- recommended AOL
576- recommended for dial-up connections
1) If you have the option of using the Cisco client it is the better option, though the Windows client should work properly. Using the Cisco client is slightly more secure due to the fact that it uses IPSec rather than PPTP, and the VPN client connects directly to the Cisco router rather that the server behind it so no ports need to be opened. Also, the Cisco client should give you a little better performance, as you have a dedicated device looking after encrypting and un-encrypting. On other, you can better control the client options for the end user with the Cisco client.
2) I apologize, I meant if still having connection issues, try changing the router as a test. Linksys routers are fine for home and small offices. If you did want to switch the best option is a compatible Cisco router. Cisco are the most dependable, secure, and offer the best support. With this you could also establish a site to site tunnel, instead of a client to site. However, this is not necessary.
3) In most cases the MTU is automatically configured and works fine. However, if you are having problems, the recommended procedure is, keep dropping it until your application works. Reducing it substantially can reduce performance with some other applications such as basic web browsing, though between 1300 and 1500 is usually fine for most situations. Some guidelines are:
1500- default for most connections except PPPoE/PPPoA, and VPN's
1492- recommended for PPPoE connections
1472- recommended maximum when wanting to do un-fragmented ping tests
1460- can be used for AOL although may not work with large e-mail attachments
1460- recommended for L2TP VPN's
1430- recommended PPTP VPN's
1400- recommended AOL
576- recommended for dial-up connections
ASKER
As a final comment, lowering the MTU helped the issue of being disconnected. The performance was still not particularly good, though. Switching to the Cisco VPN client resolved the disconnect issue and runs fairly quickly.
Thanks dfu23.
Sounds like your network or ISP prefers IPSec over PPTP. PPTP is blocked by some ISP's but that would block it all together rather than freeze up. Regardless, glad to hear you have resolved. Thanks for the update, good to know. At least using the Cisco client is a better option rather than having to move to a compromise. If you lowered the MTU while trying to diagnose the problem you should likely raise it back to the default to improve performance.
--Rob
Sounds like your network or ISP prefers IPSec over PPTP. PPTP is blocked by some ISP's but that would block it all together rather than freeze up. Regardless, glad to hear you have resolved. Thanks for the update, good to know. At least using the Cisco client is a better option rather than having to move to a compromise. If you lowered the MTU while trying to diagnose the problem you should likely raise it back to the default to improve performance.
--Rob
Reps