Solved

Cisco VPN Client randomly disconnecting from remote peer.

Posted on 2010-11-15
Last Modified: 2012-05-10
I have a client that uses the Cisco VPN Client to connect from his home PC (WinXPPro) to his office network.  The client is terminating to a Cisco 851W router.  We're using IPSEC.  The home PC is connecting through a Linksys/Cisco WRV200 router.  IPSEC passthrough is enabled.

Both the home internet connection and the office internet connection seem otherwise stable, so we don't really suspect that either side is knocking the connection down due to bouncing.

From the home PC, I'm able to successfully connect the VPN client to the main office, and browse network shares, connect to Exchange, etc.  The client remains connected for anywhere from 5 minutes to 25 minutes, at which point the connection becomes unresponsive and an error pops up:  "Secure VPN Connection terminated locally by the Client.  Reason 412:  The remote peer is no longer responding."

I can't be entirely sure, but it seems as though the connection drops whenever I put a strain on it (downloading a large file from the office file server, opening a large folder in Outlook, etc).

Also, I'm noticing in the Connection Statistics a lot of packets being bypassed.  I'm not sure if this is normal or not.  We don't seem to be dropping any packets, and there are a lot being encrypted/decrypted.

And finally, something that I feel might have something to do with it.  A few days ago, we were forced to factory default the Linksys router at the home, due to a lost password.  The config was pretty simple to replicate (including IPSEC passthrough), but it just seems a bit coincidental that this problem cropped up immediately after resetting the router.

Any help would be appreciated.  Thanks!
Question by:aptnetworks

Author Comment

by:aptnetworks
ID: 34138352
After some further testing, it really does seem that the packet bypassing might be related.  I've attempted several times to download a 176 MB file from the remote file server via the VPN connection, and each time, the download progresses to 40-60% and then fails.  Notably, in the VPN connection statistics, the sent and received bytes seem to stall, and the bypassed packets start to increment.

Expert Comment

by:mikecr
ID: 34144429
I had this problem one time before using the WRV200. Did you upgrade the firmware? Also, use DRTCP to change the MTU size on the client machine's connection that is being used to initiate the VPN to 1300 and see if you still get the same result.
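
One way to measure the largest packet that crosses the path unfragmented before picking an MTU value such as the 1300 suggested above (an added example, not part of the original thread; the function names and the `office.example.net` host are hypothetical):

```python
import platform
import subprocess
import sys

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload, tries=2):
    """Ping with Don't Fragment set; True if any echo reply comes back."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    for _ in range(tries):
        out = subprocess.run(cmd, capture_output=True, text=True).stdout
        # A real echo reply prints "TTL=" (Windows) or "ttl=" (Linux);
        # "needs to be fragmented" and timeout messages do not.
        if "ttl=" in out.lower():
            return True
    return False


def largest_payload(probe, low=500, high=1472):
    """Binary-search the largest payload size for which probe(size) is True."""
    if not probe(low):
        return None  # even small packets fail: not an MTU problem
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def path_mtu(probe, low=500, high=1472):
    """Largest IPv4 packet size that crosses the path without fragmentation."""
    payload = largest_payload(probe, low, high)
    return None if payload is None else payload + IP_ICMP_HEADERS


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "office.example.net"  # hypothetical
    mtu = path_mtu(lambda size: ping_df(host, size))
    print("no replies at all" if mtu is None else f"path MTU to {host}: {mtu}")
```

Run it against the office router's public address from behind the home router and again with the PC wired straight to the modem; a lower or erratic result behind the router points at the router. The tunnel's own encapsulation overhead still has to be subtracted from the measured value when setting the client MTU.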

Author Comment

by:aptnetworks
ID: 34146516
I'll give that a shot.  In the past we've also used an MTU setting of 1492 as well.

The router has the latest firmware available.  We're also going to try connecting the PC directly to the cable modem to confirm that the router is the culprit.

Accepted Solution

by:aptnetworks
ID: 34157748
Looks like it was a bad router.  I replaced it this morning, and with minimal configuration, the VPN is working perfectly through the new router.

It looks like the old router was definitely causing severe packet fragmentation and bypassing.

From doing a bit of reading, the WRV200 is notorious for causing problems with Cisco VPN connectivity.  Probably why it's EOL now.

Author Closing Comment

by:aptnetworks
ID: 34186396
Figured it out myself.