WatchGuard VPN client connection is dropped intermittently

Posted on 2008-10-17
Last Modified: 2013-11-16
My remote users connect to the corporate office using WatchGuard VPN Client on Windows XP.  In the corporate office is a FireBox X Edge X55e.

Most of the time, clients can connect and use the FireBox to connect remotely to their desktops using Remote Desktop Connection.  On enough occasions to warrant this post, however, the connection drops without warning in the middle of their session.  There does not seem to be any particular task they are doing; they just lose connectivity.  The way they know this is not that WatchGuard produces an error, but simply that their Remote Desktop ends the session with the standard, "The computer can't connect to the remote computer" message from Remote Desktop.

Besides that, the WatchGuard monitor in the tooltray, and the WatchGuard monitor screen still indicates a connection is established and active (Green Light!).

In order for the user to get "back in", they must click the "Disconnect" button, and then click the "Connect" button again.  This will re-establish the connection, and they can work again.  A few minutes later, the same thing happens.

There are some errors in the log such as:

"iked Received a packet from an unknown SA"
"kernel checkout_cb: freelist exhausted"

Since this is intermittent, it's very hard to track.  Is anyone else having this problem?

Question by:Shagrat13

Expert Comment

ID: 22747731
I tried searching for the kernel error but unable to find anything specific:
>> kernel checkout_cb: freelist exhausted

If you have a current support contract with Watchguard I would suggest you check with them what this entry indicates; to me, this entry indicates some exhaustion [maybe memory]; if that is the case, it can be a potential bug in the code.

Regarding the problem I would like to know the frequency with which the problem occurs; is it specific to specific user/time; or can you check if the problem happens when the box is under heavy load. When the problem occurs is it possible for you to take a snapshot of the current memory and CPU utilization; also, the traffic load and number of remote users logged in.

Finally, if you also paste some logs from the client that might be helpful as well.

Please check and update.

Thank you.

Author Comment

ID: 22757367
dpk wall:
Thanks for your message.  Since the problem is intermittent, I cannot check on the items you suggested.  Typically a user will come in the next day, or send an email message at the end of the day that they were kicked off X number of times.  This weekend, I kept a session open for a full 48 hours without interruption.  I had Remote Desktop open over the VPN, and had a program reading and writing 2MB chunks to a file just for a lot of traffic.  Not once did I drop the connection.  During this test, I had no other programs open, including Outlook.
I also physically unplugged my machine (ethernet cable), and then plugged it back in about 20 seconds later.  The VPN picked back up with no problem.
I have a ticket in with Watchguard to check on the problem.  I don't have any client logs yet, as I was just assigned the problem on Fri.
The only common thread I can find so far is Outlook seems to be in use at the times the outages are reported.  This can be Outlook on the client side using Exchange mode (not POP3 or IMAP), or Remote Desktop with Outlook running on the user's desktop.  We are also using Microsoft CRM 3.0.

Accepted Solution

dpk_wal earned 2000 total points
ID: 22758869
I am not sure what is the exact cause of problem; as I said it looks to me some sort of resource exhaustion [in most probability memory or inherent data structure].

I do not think that the problem is related to Outlook; it might be to do with the total amount of traffic combined with sessions, CPU load and memory consumption; as you were logged in as single user the resource limits were not pushed and hence you did not encounter the problem.

I would suggest you to monitor the unit for some days and see if you get any specific logs; other than the ones you have already posted. It would be interesting to see what we get to see.

Please check and update.

Thank you.
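
Added example, not part of the original thread: one way to do the log monitoring suggested above is to tally the two messages quoted in the question per hour and check whether the "unknown SA" entries cluster right after the "freelist exhausted" entries. The sample lines and their timestamp layout are constructed assumptions; adjust `LINE_RE` to the format of the real log export.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines; the timestamp layout is an assumption, not the Firebox's format.
SAMPLE_LOG = """\
2008-10-20 09:14:02 kernel checkout_cb: freelist exhausted
2008-10-20 09:14:05 iked Received a packet from an unknown SA
2008-10-20 09:14:09 iked Received a packet from an unknown SA
2008-10-20 11:40:30 iked Received a packet from an unknown SA
2008-10-20 15:02:11 kernel checkout_cb: freelist exhausted
2008-10-20 15:02:40 iked Received a packet from an unknown SA
2008-10-20 15:30:00 dhcpd lease renewed
""".splitlines()

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
PATTERNS = {  # the two messages quoted in the question
    "unknown_sa": "Received a packet from an unknown SA",
    "freelist": "checkout_cb: freelist exhausted",
}

def parse_events(lines):
    """Return sorted [(timestamp, kind)] for lines matching one of the two messages."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        for kind, needle in PATTERNS.items():
            if needle in m.group(2):
                events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), kind))
    return sorted(events)

def hourly_counts(events):
    """Count each message kind per hour of day to expose load-related peaks."""
    return Counter((ts.hour, kind) for ts, kind in events)

def sa_near_exhaustion(events, window=timedelta(seconds=60)):
    """Return (near, far): unknown-SA events within `window` after a freelist error, and the rest."""
    freelist = [ts for ts, kind in events if kind == "freelist"]
    near = far = 0
    for ts, kind in events:
        if kind == "unknown_sa":
            hit = any(timedelta(0) <= ts - f <= window for f in freelist)
            near, far = near + hit, far + (not hit)
    return near, far

if __name__ == "__main__":
    print(sa_near_exhaustion(parse_events(SAMPLE_LOG)))
```

A high `near` count relative to `far` over several days of real logs would support the resource-exhaustion theory; comparing the hourly peaks with the times users report drops covers the frequency and load questions.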

Expert Comment

ID: 24863102
So are you saying it was a memory exhaustion issue after you talked to WG support?  If so, what was the resolution to the original issue?  Newer watchguard with more memory?  Software upgrade?

Question has a verified solution.
