VPN connection freezes after a brief period of time (roughly 15 minutes)

Posted on 2006-06-28
Last Modified: 2008-01-09
I use remote desktop to connect to my work machine over a company VPN.  I am having some difficulties keeping a connection for anything more than a brief period of time.  It will always last about 10 minutes, and occasionally almost 20 minutes, but it usually freezes after about 15 minutes.  The VPN does not disconnect, but the remote desktop becomes unresponsive (grays out) and I can no longer access any network resources.  If I disconnect and reconnect the VPN the remote desktop connection will resume successfully.  I've seen a few posts on here suggesting the culprit might be the DHCP lease time, but I don't have control over any of the company VPN settings.

Local machine: Windows XP, Toshiba cable modem, Linksys Router, Windows firewall disabled
Remote machine: Windows XP, Windows firewall disabled
Company VPN: I'm pretty sure it's Cisco based
Question by:dfu23
LVL 30

Expert Comment

ID: 17002449
LVL 77

Accepted Solution

Rob Williams earned 250 total points
ID: 17002481
Unlikely the DHCP lease time would be that short. It could be several things, but my thoughts would be a screen saver kicking in, or MTU settings. If it freezes while working, it is not a screen saver (they can do some weird things with remote desktop). More likely it is the MTU (Maximum Transmission Unit) packet size configuration. The default for most systems is 1500, PPPoE and some VPN connections use lower settings. I would try changing to 1300 and see if there is any improvement. If better, try raising in steps of 20 until the problem re-occurs. This is normally done on the workstation using the DrTCP tool:
However if you are using the Cisco client you should be able to adjust on the client by right clicking on the Cisco connection and choosing modify. If possible it is also recommended changing the router at your end as well.

Expert Comment

ID: 17004041
Try updating the firmware on the office router and your router.  Also make sure that they are not overheating.  Make sure you have the latest version of your VPN client.  
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.


Expert Comment

ID: 17004976
what kind of client are you using, is it a cisco vpn one
LVL 14

Author Comment

ID: 17013333

I started some initial testing (by setting my MTU to 1300) and it appears like it is helping.  Before accepting your answer, I wanted to ask some related follow-up questions.

1. What, if any, benefits are there to using the Cisco VPN client instead of the built-in Windows VPN that I currently use?
2. You recommended I change the router on my home machine.  Is there a particular reason?  Do you have any recommendations?
3. Is there a typical or recommended MTU size when connecting to VPNs?  What factors would affect which MTU settings a typical user would want to choose (specifically with respect to VPNs, not just dial-up vs. broadband)?
LVL 77

Expert Comment

by:Rob Williams
ID: 17022350
Hi dfu23. I was away fr a day, sorry for the slow response.

1) If you have the option of using the Cisco client it is the better option, though the Windows client should work properly. Using the Cisco client is slightly more secure due to the fact that it uses IPSec rather than PPTP, and the VPN client connects directly to the Cisco router rather that the server behind it so no ports need to be opened. Also, the Cisco client should give you a little better performance, as you have a dedicated device looking after encrypting and un-encrypting. On other, you can better control the client options for the end user with the Cisco client.

2) I apologize, I meant if still having connection issues, try changing the router as a test. Linksys routers are fine for home and small offices. If you did want to switch the best option is a compatible Cisco router. Cisco are the most dependable, secure, and offer the best support. With this you could also establish a site to site tunnel, instead of a client to site. However, this is not necessary.

3) In most cases the MTU is automatically configured and works fine. However, if you are having problems, the recommended procedure is, keep dropping it until your application works. Reducing it substantially can reduce performance with some other applications such as basic web browsing, though between 1300 and 1500 is usually fine for most situations. Some guidelines are:
1500- default for most connections except PPPoE/PPPoA, and VPN's
1492- recommended for PPPoE connections
1472- recommended maximum when wanting to do un-fragmented ping tests
1460- can be used for AOL although may not work with large e-mail attachments
1460- recommended for L2TP VPN's
1430- recommended PPTP VPN's
1400- recommended AOL
 576-  recommended for dial-up connections
LVL 14

Author Comment

ID: 17042403
As a final comment, lowering the MTU helped the issue of being disconnected.  The performance was still not particularly good, though.  Switching to the Cisco VPN client resolved the disconnect issue and runs fairly quickly.
LVL 77

Expert Comment

by:Rob Williams
ID: 17044803
Thanks dfu23.
Sounds like your network or ISP prefers IPSec over PPTP. PPTP is blocked by some ISP's but that would block it all together rather than freeze up. Regardless, glad to hear you have resolved. Thanks for the update, good to know. At least using the Cisco client is a better option rather than having to move to a compromise. If you lowered the MTU while trying to diagnose the problem you should likely raise it back to the default to improve performance.

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question