Baffled by Dropped RDP connections over Sonicwall VPN
I am in desperate need of help with an ongoing network issue and would greatly appreciate anyone who can help.
We have a main office and two branch offices connected via VPN. The main office has a Sonicwall TZ210 connected via DSL on X1 and Bonded T1(3 Mbs) on X2, each branch office has a Sonicwall TZ 180 connected via DSL on the WAN port and T1(1.5Mbs) on OPT port. The VPN policy is bound to the T1’s and Http/s traffic is routed to the DSL’s. It has been configured and working well for about 2 years. Several months ago, RDP connections from the branch offices to the terminal server in our main office began dropping and in recent weeks have become very bad.
1) Every few minutes at irregular intervals clients at remote offices lose their TS connection. When it drops it stays down for seconds to minutes at a time. Some days we will go hours with no drops other days it drops every 3-5 minutes.
2) When the remote TS clients get disconnected, they all get disconnected at the same time.
3) During the disconnect, I cannot ping the TS from the remote offices over the VPN, However I can ping the TS from the local network in the main office.
4) During the disconnects, I can ping other servers at the main office from the remote offices over the vpn.
5) RDP connections to the terminal server from the local network do not get disconnected.
From my desktop (192.168.1.100) in our main office, I can RDP into the file sever in our El Paso office (192.168.4.10), While connected I RDP back into our TS (192.168.1.6). After a few minutes, I see the El Paso file server loose it’s RDP connection to our TS but I never loose my connection to El Paso.
What I have tried.
1) Contacted all ISP and verified connections are working properly. There were some connectivity issues with two of our offices. The ISP’s tell me those have been resolved though I am not 100% convinced.
2) Reduced MTU size on all wan interfaces on all sonicwalls to 1436 from 1500. This is the largest I can send over the vpn before fragmentation.
3) Changed the TCP Connection Inactivity Timeout from 15 minutes to 60 Minutes for all LAN->VPN and VPN->Lan Access rules on all the sonicwalls.
4) Changed “Firewall > Advanced Rule Options - Default UDP Connection Timeout from 30 to 61 Seconds (suggested on another site – no noticeable difference)
5) “Allow Fragmented Packets” is turned on in all the access rules.
6) “Fragment non-VPN outbound packets larger than this Interface's MTU” and “Ignore Don't Fragment (DF) Bit” is On for all WAN and OPT interfaces on all Sonic walls
7) Upgraded the Firmware on the TZ210 to the latest
8) Attempted to Update firmware on TZ180’s but the firmware fails to upload. I’ll be making another post about that issue
9) Ran Symantec and Malware bytes scan on TS (clean)
10) Verify the VPN traffic is going over the T1 and not the DSL
11) Verified all TS clients are connecting via the correct local IP (192.168.1.6)
What I plan to try next.
1) Currently there is a cisco switch between the TZ210 and the TS. I will try connecting the TS directly to the SW TZ210 in case there is some issue with the switch
2) I will attempt to resolve the issue with updating the Firmware on the TZ180’s
3) Make sure my office door stays locked and a can of mace is handy.
4) Wait patiently for the advice of those wiser than me ¿
There are only 4-5 users at each remote office – 9 Total.
TS – win 2003 R2 64Bit SP2, Quad Core Xeon at 2.83 Ghz, 12 GIG of ram. It has all MS updates applied. It is not being over taxed.
TZ180’s Firmware Version: SonicOS Enhanced 126.96.36.199-12e
ROM Version: SonicROM 188.8.131.52
TZ210 Firmware Version: SonicOS Enhanced 184.108.40.206-46o
Safemode Version: SafeMode 220.127.116.11
ROM Version: SonicROM 18.104.22.168