Link to home
Start Free TrialLog in
Avatar of Sparetimeinc
Sparetimeinc

asked on

VPN issues

I have recently set up new VPN connections to all of my remote sites.  Since I have done this, my core application for my company has started having issues.  We did not have the problems when we were on Frame Relay circuits.  We have at each remote location Cisco ASA 5505 firewalls coming back to a 5510 at my corporate location.  I have ran ping sessions from the server of my core app back out to my remote sites and have had very minimal packet loss.  I have checked the VPN status and have had no reconnects or drops.  I have ran Wireshark on the core app server and found nothing unusual.  The bulk of my problems tend to happen in the morning between 5am and 7am pst.  It also happens when the computer has been inactive for a while.  The application we are running is Checkfree's Club Manager software.  We are using the E-touch POS application.  Is anybody aware of any bugs in the ASA 5505's that could be causing a problem?
SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Sparetimeinc
Sparetimeinc

ASKER

My remote locations are all relatively close to my corporate site.  The farthest being about 50 miles away and the closest less than a mile.  We have internet t1's at each remote site with a 6mb pipe coming into my corporate location.  When the problems are occurring, there is not a lot of traffic on our network at that time. We run health clubs and they open around 5am in the morning.  Most of the general staff does not arrive until about 9am.  Most of my locations were running off of 256k frame relay lines prior.  They now have internet t1's.  Bandwidth should not be an issue.

Lee
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Tracert and ping all run fine.  We are not doing anything unusual at that time of the day.  This just seems to be the time of day that the application acts up most at my remote sites.  Since we have put in the new circuits and the VPN's our check in application and POS application both have errors and freeze on the local workstations.  
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
The circuit is fine.  The computer does  not go into sleep mode.  I will have to check the nic.  I thought about the NIC, but ruled it out since I never had these problems on my old frame relay circuits.  Would a VPN connection be more sensitive to a NIC going into sleep mode?

Lee
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
We have renegotiation set for every 24 hours.  The problems mostly occur in the early morning and when the pc's have been idle for a while.  All of my circuits were turned up and the VPN's created with in a two week period of each other.  I have a total of 11 remote locations connected via VPN's back to my corporate office.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I do not  see any entries that look like the above in my config.  Below are the only references I have to timeout settings on my PIX:

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute

lifetime 86400

Thanks,

Lee
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Only ASA's at each location.  There is a cisco 2600 router in front of each ASA, but the vpn is created at the ASA.  We have the set the time outs to 24 hours.  I have gone ahead at two of my remote location and turned off the power mangement on the nics of the problem PC's.  I do not know if this will help, but it can not hurt either.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial