Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Netgear FVS 318 Dropping VPN Connection

Posted on 2006-11-08
5
Medium Priority
?
1,889 Views
Last Modified: 2012-06-27
Hello Experts,

We have several VPN tunnels that connect Windows 2003 Servers to an AIX box. At the Windows servers we are using the Netgear FVS 318 (version 2.4 - 3.1) and on the AIX side we connect to a BSD box that functions as a VPN router. These tunnels are IPSec based with AES 256 encryption (Healthcare Information) and transfer data back and forth through FTP services. Some of the connections are getting Dropped at night when the system is Idle. The Netgears show the connection as Established but the AIX is unable to FTP into it, we have to go in and DROP then re-establish the connection on the Netgears, then all is good again.

We have 12 of these running and its getting tiresome to have to do this every morning. Before we throw the Netgears out and drop the big bucks on Cisco does anyone have any suggestions? I have of course set the IKE Keep Alive and the Ping IP address to the AIX Server.

Any help will be greatly appreciated,

Jack W
0
Comment
Question by:JackW9653
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 17901130
A few things you might want to check:
-Are these PPPoE connections by any chance?  If so, in the router wan configuration, make sure The "idle Time out" is set to 0  this will disable time outs.
-Also on the Net gears, under the VPN policy, there is a keep alive option where you can provide an IP, preferably at the remote VPN site, to ping on a regular basis to maintain the connection.
-On any servers or PC's check the Power Management section of the network adapter. Most newer cards have this option and Windows seems to enable "allow this computer to turn off this device to save power" by default.
0
 

Author Comment

by:JackW9653
ID: 17901365
Hello Rob,

Thanks for the reply. I will answer your questions in order:
- I don't think that any of the connections are over DSL which is where I have seen the PPPoE issue, but I will verify that. Also I could not find a WAN Configuration area of the router setup.
- As I mentioned in my original question I have checked the IKE Keep Alive and used the address of the remote AIX box
- I hadn't thought of the NIC going to sleep on me - I will check that out.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17902565
-quite right if not a DSL connection it will not be PPPoE.
The WAN section on an FVS318 is actually called "Basic Settings". If you have PPPoE connection the First item "Does your Internet Connection require a logon" will be marked Yes.
-sorry I somehow missed your comment about having enabled the keep alive. Having that enabled should make the PPPoE  alive feature, if you had PPPoE, and power management, not an issue anyway, as it would maintain an active connection. Sorry no other ideas.

I often set up a small utility called IPMonitor when having connection issues. It is basically a ping tool that can be set to monitor multiple IP's by pinging them every minute and then create an error log when the connection is dropped. I set it up to monitor a local machine, the router's LAN IP, the ISP's modem (your ISP's gateway address), and Internet IP such as a DNS server, and a device at the other end of the VPN tunnel. Though this won't solve anything, it does help to show where the connection is dropped, how often and for how long.
http://ipmonitor.tsarfin.com/
0
 

Author Comment

by:JackW9653
ID: 17909295
The NIC card was the key! Thanks Rob - I wonder who at Dell decided that they needed to PowerSave on a Server? The total resolution was to increase the SA Life time to 16 hours and turn off the powersave on the NIC.

Thanks Again,

Jack
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17909399
>>"wonder who at Dell decided that they needed to PowerSave on a Server"
I think that is actually Microsoft. Can't be live it is even an option, but it has been common lately.

Thanks Jack
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question