Solved

Cisco VPN Client randomly disconnecting from remote peer.

Posted on 2010-11-15
5
552 Views
Last Modified: 2012-05-10
I have a client that uses the Cisco VPN Client to connect from his home PC (WinXPPro) to his office network.  The client is terminating to a Cisco 851W router.  We're using IPSEC.  The home PC is connecting through a Linksys/Cisco WRV200 router.  IPSEC passthrough is enabled.

Both the home internet connection and the office internet connection seem otherwise stable, so we don't really suspect that either side is knocking the connection down due to bouncing.

From the home PC, I'm able to successfully connect the VPN client to the main office, and browse network shares, connect to Exchange, etc.  The client remains connected for anywhere from 5 minutes to 25 minutes, at which point the connection becomes unresponsive and an error pops up:  "Secure VPN Connection terminated locally by the Client.  Reason 412:  The remote peer is no longer responding."

I can't be entirely sure, but it seems as though the connection drops whenever I put a strain on it (downloading a large file from the office file server, opening a large folder in Outlook, etc).

Also, I'm noticing in the Connection Statistics a lot of packets being bypassed.  I'm not sure if this is normal or not.  We don't seem to be dropping any packets, and there are a lot being encrypted/decrypted.

And finally, something that I feel might have something to do with it.  A few days ago, we were forced to factory default the Linksys router at the home, due to a lost password.  The config was pretty simple to replicate (including IPSEC passthrough), but it just seems a bit coincidental that this problem cropped up immediately after resetting the router.

Any help would be appreciated.  Thanks!
0
Question by:aptnetworks
  • 4
5 Comments
 
LVL 1

Author Comment

by:aptnetworks
ID: 34138352
After some further testing, it really does seem that the packet bypassing might be related.  I've attempted several times to download a 176 MB file from the remote file server via the VPN connection, and each time, the download progresses to 40-60% and then fails.  Notably, in the VPN connection statistics, the sent and received bytes seem to stall, and the bypassed packets start to increment.
0
 
LVL 17

Expert Comment

by:mikecr
ID: 34144429
I had this problem one time before using the WRV200. Did you upgrade the firmware? Also, use DRTCP to change the MTU size on the client machine's connection that is being used to initiate the VPN to 1300 and see if you still get the same result.
0
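Why a client MTU of 1300 leaves room for IPsec encapsulation while 1492 or 1500 does not, as an added example that is not part of the original thread. It uses the ESP tunnel-mode layout from RFC 4303; the cipher, integrity and NAT-T settings are assumptions, since the thread does not state which transform set the 851W uses.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 packet layout).
# The two profiles below are assumed transform sets, not values from the thread.
from dataclasses import dataclass

OUTER_IPV4 = 20       # outer IPv4 header, no options
UDP_NAT_T = 8         # UDP header added by NAT traversal (RFC 3948)
ESP_HEADER = 8        # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER_MIN = 2   # pad-length byte + next-header byte


@dataclass(frozen=True)
class EspProfile:
    block: int    # cipher block size; plaintext is padded to a multiple of it
    iv: int       # per-packet initialisation vector
    icv: int      # truncated integrity check value
    nat_t: bool   # True when ESP is wrapped in UDP


AES_CBC_SHA1_NATT = EspProfile(block=16, iv=16, icv=12, nat_t=True)
TDES_SHA1_RAW = EspProfile(block=8, iv=8, icv=12, nat_t=False)


def fixed_overhead(p):
    """Bytes added to every packet regardless of payload length."""
    return OUTER_IPV4 + (UDP_NAT_T if p.nat_t else 0) + ESP_HEADER + p.iv + p.icv


def esp_packet_size(inner_len, p):
    """On-the-wire size of the ESP packet that carries an inner IP packet."""
    plaintext = inner_len + ESP_TRAILER_MIN
    padded = -(-plaintext // p.block) * p.block   # round up to block size
    return fixed_overhead(p) + padded


def max_inner_mtu(link_mtu, p):
    """Largest inner packet whose ESP wrapper still fits in link_mtu."""
    room = (link_mtu - fixed_overhead(p)) // p.block * p.block
    return room - ESP_TRAILER_MIN


def headroom(client_mtu, link_mtu, p):
    """Spare bytes on the link for a full-size client packet; negative means
    the encapsulated packet exceeds the link MTU and must be fragmented."""
    return link_mtu - esp_packet_size(client_mtu, p)


if __name__ == "__main__":
    for mtu in (1300, 1492, 1500):
        print(mtu, headroom(mtu, 1492, AES_CBC_SHA1_NATT))
```

A negative headroom is the case where large transfers produce fragments that a NAT device in the path has to forward correctly.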
 
LVL 1

Author Comment

by:aptnetworks
ID: 34146516
I'll give that a shot.  In the past we've also used an MTU setting of 1492 as well.

The router has the latest firmware available.  We're also going to try connecting the PC directly to the cable modem to confirm that the router is the culprit.
0
 
LVL 1

Accepted Solution

by:
aptnetworks earned 0 total points
ID: 34157748
Looks like it was a bad router.  I replaced it this morning, and with minimal configuration, the VPN is working perfectly through the new router.

It looks like the old router was definitely causing severe packet fragmentation and bypassing.

From doing a bit of reading, the WRV200 is notorious for causing problems with Cisco VPN connectivity.  Probably why it's EOL now.
0
 
LVL 1

Author Closing Comment

by:aptnetworks
ID: 34186396
Figured it out myself.
0


Question has a verified solution.
