VPN PPTP tunnel to Windows 2003 server dropping
Posted on 2008-06-20
I have an issue with VPN connection to our company server farm.
One of our servers resides in DMZ zone and serves as application frontend server for OWA (also Exchange proxy for RPC over HTTP), VPN and some web sites. With OWA, Outlook and web sites there are no problems, while *some* of the users have prooblems with VPN.
VPN uses simple PPTP protocol, and first connection is always OK. But after some time, usually after an hour or two, VPN tunnel stops responding - VPN connection still shows status "Connected", but none of remote resources are available anymore.
If I disconnect and try to reconnect imidiatelly, VPN dialup authentication stops with "Verifying username and password" and produces Error 628. I need to wait at least 5 minutes to reconnect sucessfully.
But even after 5 minutes, VPN brokes down again very quickly, after 5 or 10 minutes, so if I want to work remotelly for longer time, I need to wait at least 30 or 60 minutes before redialing VPN.
What I tried already:
- I checked VPN log on our server, but those failed retries and drops are not visible anywhere
- Checked Event Log under Security events, but no authentication errors are detected
- Since we were on 4 Mbps ADSL, I requested line improvements and now we are on 100 Mbps Optical fibre with all new networking equipment (previously ADSL modem -> D-LINK DFL-1600 firewall, now we have Fibre-to-Ethernet converter -> Cisco 2811 router & firewall)
Cisco is configured to accept and forward GRE protocol and port 1723 to our RRAS server.
I still don't know which part of VPN tunnel is causing problems - is it client side, maybe firewall, or our RRAS server.
Any idea how to diagnose the problem?