• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4438
  • Last Modified:

Trouble with SonicWall Global VPN Connection dropping - strang scenario.

I have a very odd scenario that Im hoping someone can help me answer.  I have a Windows 2003 Server Network with a Sonicwall T170 firewall.  I have a Windows 2000 user who connects remotely using the Global VPN Client.  He never has a problem getting a connection to the VPN and I can see him on my end.  However, after a few minutes, he can no long ping our Domain Controller or Exchange server.  I can still see him once this has happened but he cant connect to his email, etc..  In order to fix his problem, he has to reload (import) the lmhosts.sam file in the properties of the SonicWall Virtual Adapter and then, he is okay for a while until he has to do it again.  This is very cumbersome but, he does it.  We have tried everything we know to try, including contacting SonicWall which was absolutely no help.

Now for the REALLY ODD thing &&.I connected to his computer (via his Internet connection  not VPN) using PCAnywhere Version 10.  While I am connected to him, doing nothing but watching him  work (he loads be a host and I connect), everything works PERFECTLY   his connection never drops and everything runs very fast.  I tested this to be sure that it really did work better only when PCAnywhere was connected.  I disconnected and he soon lost his connection.  I then reconnected for several hourse and everything worked like a charm.  

How can this be?  I dont understand?  What is PCAnywhere doing is it somehow using my host file for his connection?  I am running Vista.  

Thanks for any insight you can give me on this.
0
Papercone1
Asked:
Papercone1
1 Solution
 
Rob WilliamsCommented:
What type of Internet connection does the user have? Possibly PPPoE? I have seen this disconnect very quickly and frequently. It is by design. If this is the case, sometimes you can enable "keep alive" on the modem or router's ISP configuration, or set the time out value to '0' (disabled).

As a test try from the client, as soon as they connect, start a persistent ping and see if the connection stays active. To do so from a command line use ping with the -t option and ping the server such as:
ping -t 192.168.123.123

If with the ping, the connection doesn't stay active, I would try lowering the MTU value of the client machine. From an earlier post of mine:
Dropped connections can often be caused by too high an MTU (Maximum Transmission Unit) size, especially if it is a lower than normal performance connection. It is recommended you change this on the connecting/client computer and when possible, it's local router. The easiest way to change the MTU on the client is using the DrTCP tool:
http://www.dslreports.com/drtcp
As for where to set it, if not using automatic, it has to be 1430 or less for a Windows VPN which uses PPTP if using the basic client (1460 for L2TP). There are ways to test for the optimum size of the MTU such as:
http://www.dslreports.com/faq/5793
However, this is not accurate over a VPN due to additional overhead. The best bet is to set it to 1300, and if it improves the situation, gradually increase it.
A couple of related links:
http://www.dslreports.com/faq/7752
http://www.chicagotech.net/vpnissues/vpndorp1.htm

The LMHosts file issue is interesting and I suspect a different issue. Instead of using the LMHosts file try editing the advanced TCP/IP properties of the Sonicwall's VPN/virtual adapter under the DNS tab. Add the server's IP for DNS and the domain name suffix. These are outlined in my blog:
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx


0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now