WatchGuard VPN client connection is dropped intermittently

My remote users connect to the corporate office using WatchGuard VPN Client on Windows XP.  In the corporate office is a FireBox X Edge X55e.

Most of the time, clients can connect and use the FireBox to connect remotely to their desktops using Remote Desktop Connection.  On enough occasions to warrant this post, however, the connection drops without warning in the middle of their session.  There does not seem to be any particular task they are doing, they just loose connectivity.  The way they know this is not that WatchGuard produces an error, but simply that there Remote Desktop ends the session with the standard, "The computer can't connect to the remote computer" message from Remote Desktop.  

Besides that, the WatchGuard monitor in the tooltray, and the WatchGuard monitor screen still indicates a connection is established and active (Green Light!).

In order for the user to get "back in". They must click the "Disconnect" button, and then click the "Connect" button again.  This will re-establish the connection, and they can work again.  A few minutes later, the same thing happens.

There are some errors in the log such as:

"iked Received a packet from an unknown SA"
"kernel checkout_cb: freelist exhausted"

Since this is intermittent, it's very hard to track.  Is anyone else having this problem?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I tried searching for the kernel error but unable to find anything specific:
>> kernel checkout_cb: freelist exhausted

If you have current support contract with Watchguard I would suggest you to chcek with them what this entry indicates; to me; this entry indicates some exhaustion [may be memory]; if that is the case; it can be a potential bug in the code.

Regarding the problem I would like to know the frequency with which the problem occurs; is it specific to specific user/time; or can you check if the problem happens when the box is under heavy load. When the problem occurs is it possible for you to take a snapshot of the current memory and CPU utilization; also, the traffic load and number of remote users logged in.

Finally, if you also paste some logs from the client that might be helpful as well.

Please check and update.

Thank you.
Shagrat13Author Commented:
dpk wall:
Thanks for your message.  Since the problem is intermittent, I cannot check on the items you suggested.  Typically a user will come in the next day, or send an email messge at the end of the day that they were kicked off X number of times.  This weekend, I kept a session open for a full 48 hours without interruption.  I had Remote Desktop open over the VPN, and had a program reading a writing 2MB chunks to a file just for a lot of traffic.  Not once did I drop the connection.  During this test, I had no other programs open, including Outlook.
I also physically unplugged my machine (ethernet cable), and then plugged it back in about 20 seconds later.  The VPN picked back up with no problem.
I have a ticket in with Watchguard to check on the problem.  I don't have any client logs yet, as I was just assigned the problem on Fri.
The only common thread I can find so far is Outlook seems to be in use at the times the outages are reported.  This can be Outlook on the client side using Exchange mode (not POP3 or IMAP), or Remote Desktop with Outlook running on the users desktop.  We are also using Microsoft CRM 3.0.
I am not sure what is the exact cause of problem; as I said it looks to me some sort of resource exhaustion [in most probability memory or inherent data structure].

I do not think that the problem is related to Outlook; it might be to do with the total amount of traffic combined with sessions, CPU load and memory consumption; as you were logged in as single user the resource limits were not pushed and hence you did not encounter the problem.

I would suggest you to monitor the unit for some days and see if you get any specific logs; other than the ones you have already posted. It would be interesting to see what we get to see.

Please check and update.

Thank you.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
So are you saying it was a memory exhaustion issue after you talked to WG support?  If so, what was the resolution to the original issue?  Newer watchguard with more memory?  Software upgrade?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.