Avatar of cometal
cometal asked on

Watchguard VPN drops after 1 or 2 minutes.

We have got a Watchgaurd Firebox. It is configured. But every new computer/user has got a vpn-connection that drops after one or two minutes.
Existing computers/users have no problem.
On the new computers, I have diabled the windows firewall.
The old and the new users use the same vpn-client.

Can I get some help please?
System Utilities

Avatar of undefined
Last Comment
cometal

8/22/2022 - Mon
John

1 .Some VPN clients have idle time settings and disconnect after idle time. 2 minutes is pretty short, but did you check such a setting.
2. Old vs. New: XP or Vista?
3. If XP, are the new ones SP3? and is that interfering? SP3 mucked with some network drivers. It may be worthwhile to consider uninstalling, restarting and reinstalling the network driver.
4. If Vista, is the client Vista-compliant?
5. Wired or wireless?  Or is there a difference?

...... T
Ned Ramsay

Along the same lines as above post. Look for a default time out that may have changed since the original users.
ASKER
cometal

Some VPN clients have idle time settings and disconnect after idle time. 2 minutes is pretty short, but did you check such a setting.
Setting is checked. It is 0 with all users. But I have tried 8 hours and still after 2 minutes...
2. Old vs. New: XP or Vista?
All PC's run XP
3. If XP, are the new ones SP3? and is that interfering? SP3 mucked with some network drivers. It may be worthwhile to consider uninstalling, restarting and reinstalling the network driver.
With one PC I had reïnstalled the networkdriver. No improvement
4. If Vista, is the client Vista-compliant?
5. Wired or wireless?  Or is there a difference?
One PC is connected with a wired connection
One with wifi
One with 3.3G - network.
All tree give the same flaw.

I find it weird that only the new users encounter the problem...
Your help has saved me hundreds of hours of internet surfing.
fblack61
Ned Ramsay

Bit of guesswork, its not to do with the number of users is it?
According to watchguard unless you buy upgrades it only supports 10 users (it may not even be concurrent but total).
ASKER
cometal

On the moment, there are only 3 active users.
It even happend when there was only one user connected.

Unless someone comes with a good idea, I'm going have to hire one of those expensive IT-people...

Anyway, thanks a lot for trying...

Ned Ramsay

never hire an IT person! Just play around until it works!
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ned Ramsay

You asked Watchguard support?
John

nedramsay wrote: "never hire an IT person! Just play around until it works!"

I don't find that to be a helpful answer. I myself engage experts when my own expertise runs out. The reason is that often (not always, of course), true experts with proper experience can often solve a problem and get the client going. Also, I have seen the results of wannabe-experts playing around and making problems worse and more expensive repair.

I am not saying that is happening here, of course, merely that when this well dries up, employing a known expert is not necessarily a bad thing. Sometimes experts *save* money.

Also, I do agree with the later post - by all means, call Watchguard Support - good idea.
..... T
dpk_wal

Can you post few logs from traffic monitor when the users get disconnected; please sanitize the logs before posting.
Another thing I like to know is are they using same ISP or different ISP; is it possible to try cross ISP to ensure it is not ISP problem and not the firewall issue at all.
Finally, if from new user's computer you login as one of old users, does that change any results.

Thank you.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER
cometal

I'll try to do some tests today.
Anyway, the problem is getting rather urgent, so I'm going to bet on more than one horse at the same time.
This forum is participating verry good, so thanks for that.
I'm registrating on Watchguard (there is a smal problem with the old registration)
Still I've orderd an intervention by our IT-service provider.

I'me curius which one will resolve the problem...
ASKER
cometal

Ok, I've tested the connection with an old user and a new user. I've included the log file as an attachement.
There is a difference but I don't know what to do about it.

If anybody can help me, it would be great.
Log-vpn.txt
dpk_wal

>>The peer gateway at 62.x.y.29:500 is presumed dead. Delete the SAs
Looks like you used same user from two different ISP; ISP with IP62.x.x.x had problem and ISP with IP 81.x.x.x went through successfully.
As the user is same, firewalls settings are same, it looks like more of a ISP/local machine issue rather than anything else.

Are they running same operating system and/or firewall; also are the ISPs same or different.

Please check and update.

Thank you.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
cometal

In this case, the ISP's are different but I get the same log if the ISP's are the same.
Both users use XP service pack 3 and the windows firewall is off. There is no other firewall installed (ex. zone alarm).

Note that de VPN tunnel works but disconnect after 3 minutes because the Firebox "presumes" the connection is death. But it isn't!. We can work fine until the Firebox makes that assuption.
dpk_wal

Please try deleting the user and adding again in firebox; do remember to send the updated file to user. Frankly FB would not disconnect the users on its own; there is a possibility that the user configuration has some issues.
After you delete the user; save file and flash image [this would cause FB to reboot]; after firebox reboots; add user again and save to firebox and check again.

Thank you.
ASKER
cometal

Sorry but I'me not used to manage the firebox like that.

How do I create the updated file for the user?

Thanks...
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
dpk_wal

When you delete the user; and recreate it the file would get automatically recreated; as this file might have some settings which might change from earlier so copy this file and send it to the user.
By default the .wgx files would be located at:
C:\Documents and Settings\All Users\Shared WatchGuard\muvpn\<ip-address>\<user-name>\wgx

Thank you.
ASKER CERTIFIED SOLUTION
cometal

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question