RLUNT

asked on

SBS 2008 vpn inconsistent

SBS2008 VPN will connect sporadically.  The NPS log will show a mixed set of results.

Sometimes a full connection, others the attempt, others nothing.

I can try 4 times in a row and it will hit on 1, 3 or 4.

Looking for ideas on why it is sporadic.  Since it connects, obviously the router is configured, unless it is using dynamic ports and not all of them are open for every attempt.

Have 5 hours into it and the elaborate/detailed MS logging is not helping.
.

Are you using PPTP? I have seen this before, and usually it happens because, although TCP:1723 is open in your firewall, GRE:47 is not, and the two protocols work together. If this is not done your VPN tunnel becomes unstable. If your firewall will not allow GRE routing then open UDP:500.

RLUNT

ASKER

Ok, I need clarity on which 'firewall' you are referring to.

The SBS2008 firewall or my router firewall?
Your perimeter router / firewall.

ASKER

Ok, I have GRE open. I'll add UDP 500 as a port forward and try.

ASKER

The UDP 500 did not help.

It is acting like one of 2 things:

a) Authentication
b) dynamic port set and I don't have that port open on the firewall

How would you set up random intervals of a PPTP connection?

ASKER

I just did 20 connections within the LAN - no failures
Sounds like the issue is that your FW is not routing the GRE traffic. Check your rules, make sure you have the latest firmware and restart it. I had a Cisco PIX that suffered memory leaks; every so often it prevented specific protocols accessing the internet, i.e. SMTP or DNS.
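
Added example, not part of the thread: a minimal check for the situation discussed above, where the PPTP control channel (TCP 1723) gets through but GRE (IP protocol 47, a protocol number rather than a port) may not. It assumes raw IPv4 packets captured on the VPN server's external side with link-layer headers already stripped; the addresses, function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

TCP, GRE = 6, 47          # IP protocol numbers; GRE is not a TCP/UDP port
PPTP_CONTROL_PORT = 1723  # PPTP control channel (TCP)

def parse_ipv4(pkt):
    """Return (src, dst, protocol, tcp_dst_port) from raw IPv4 bytes."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if not 20 <= ihl <= len(pkt) or pkt[0] >> 4 != 4:
        raise ValueError("not a usable IPv4 packet")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    is_tcp = pkt[9] == TCP and len(pkt) >= ihl + 4
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] if is_tcp else None
    return src, dst, pkt[9], dport

def diagnose(packets, server):
    """Per client: which PPTP legs were seen at the capture point?"""
    seen = defaultdict(lambda: {"control": False, "gre_in": False, "gre_out": False})
    for pkt in packets:
        src, dst, proto, dport = parse_ipv4(pkt)
        if dst == server and proto == TCP and dport == PPTP_CONTROL_PORT:
            seen[src]["control"] = True
        elif dst == server and proto == GRE:
            seen[src]["gre_in"] = True
        elif src == server and proto == GRE:
            seen[dst]["gre_out"] = True
    verdicts = {}
    for client, s in seen.items():
        if not s["control"]:
            verdicts[client] = "GRE without a PPTP control session"
        elif s["gre_in"] and s["gre_out"]:
            verdicts[client] = "ok"
        else:
            missing = "outbound" if s["gre_in"] else "inbound"
            verdicts[client] = f"control channel up, {missing} GRE missing"
    return verdicts

def build_ipv4(src, dst, proto, payload=b""):
    """Constructed 20-byte IPv4 header (checksum zero) for the sample data."""
    a, b = (ipaddress.IPv4Address(x).packed for x in (src, dst))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, a, b) + payload

SERVER, GOOD, BAD = "192.0.2.10", "198.51.100.7", "203.0.113.9"  # constructed
CTRL = struct.pack("!HH", 49152, PPTP_CONTROL_PORT) + bytes(16)    # constructed TCP header
SAMPLE = [build_ipv4(GOOD, SERVER, TCP, CTRL), build_ipv4(GOOD, SERVER, GRE),
          build_ipv4(SERVER, GOOD, GRE), build_ipv4(BAD, SERVER, TCP, CTRL)]
print(diagnose(SAMPLE, SERVER))
```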

ASKER

You might be on to something. We have had flaky results. I rebuilt the router yesterday.

I have latest firmware per the vendor yesterday.
Please drop MTU on router to 1400 or even less if you still have issues.
Olaf

ASKER

Great suggestions thus far.

With the suggestions John has offered I have narrowed it down to the router, as I now have 2 VPN servers up within the firewall on 2 independent external IP addresses. Both are experiencing the same phenomenon, one with Windows AD authentication and one with local authentication.

I have the router Mfg on the line

ASKER

Helped tremendously, thanks. Did not find the source but did narrow it down to the router.