Symantec 200R Drops Connection 1

Status
Not open for further replies.

schase

Technical User
Sep 7, 2001
1,756
US
Howdy, I have the Symantec 200R Firewall/VPN appliance.

I am noticing that Instant messenger programs will detect a very fast drop of internet connection and close connection to it. Workstations using terminal services will disconnect almost immediately.

They are micro-drops - as someone browsing a website will barely notice anything is happening. But it will continue to do it time after time again.

Soon as I restart the router, it smooths out again, and no problems for a day or so.

Further info.

I removed logging except for system activity and debug information.

Which stopped it from dropping the connection quite as abruptly.

However, some workstations were still reporting they were being dropped every 24 hrs for roughly 45 minutes (until the point I reset the machine).

Now if I restarted the router through the browser it would delay the droppings for about 4 more hours - and I would need to reset the appliance again.

I have zero errors coming through during the times of the disconnects, but I do have the following errors showing up at different times.


tc_interface_send: xmit dropped, out list full: num in que = 0x000000bc

and
ERROR Report: ICMP UNREACHABLE RCVD, subreason = 0x00000003
ERROR Report: Socket Number = 0xfffffff


There are no common OS's between which are being dropped, the workstations are on different switches instead of just one switch. Several of the affected workstations have been moved to 100/half duplex to no effect.

I would appreciate any suggestions.

Thank you

"Never underestimate the power of determination"

Stuart
 
1st, make sure you have the latest firmware installed.
2nd, make sure your "Alive Indicator" is set to a pingable IP address other than your immediate gateway.

Refer to thread754-644500 for details.
 
Thank you for your response.

I do have the latest firmware, 1.61, on the 1.6Y release I did a full (All) firmware and the 1.61 I did the APP firmware upgrade.

My 200R has always been on an UPS for battery backup and cleaner power of course.

My Alive indicator is not the gateway, it is one of my ISP's DNS Servers. Having tried changing this before to the same effect.

"Never underestimate the power of determination"

Stuart
 
Have you confirmed that the DNS server responds when you ping it?

Other than changing the Alive indicator there isn't much more that can be done.

Unfortunately the Symantec VPN firewalls are overly sensitive about the connection dropping, and once they determine the connection is lost (valid or otherwise) the only solution is a reset.
 
Yes, I've pinged when it's doing its up/down thing and it pings no problem at all.

Looking over the firmware notes from release to release I've noted they have tried to address problems with wan ports or dropping connections in nearly every firmware.

I'm picking up another router tonight to throw on and see if it goes away.

Cannot say I am very pleased with Symantec, they won't even talk to you unless you have a Gold support - their silver support is pretty much a joke.

It is interesting though that for normal web browsing there is little if no problems noted, but for terminal services or IM's - they both are connection critical.

"Never underestimate the power of determination"

Stuart
 
I have located the problem.

It is a built-in flaw basically within the Symantec 200r/Nexland Router.

apeasecpc was right on target but not only why the VPN connections would drop. It turns out it affects the entire connection as a whole.

It is the keep-alive indicator. Previously I had it set to our ISP's DNS, during drops I would ping the DNS server which would ping fine, however changing it to say AltaVista's IP allowed a much smoother connection for a period of time.

This is really a big flaw, if the system detects any interruption at all while pinging the keep-alive, it will drop the connection as it tries to re-establish itself, which in turn drops everyone's connection in micro-drops.

The solution - I no longer needed dual wan-ports, so I bought an SMC Router instead. Drops to date - zero.


"Never underestimate the power of determination"

Stuart
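
The failure mode described in the last post, as an added example that is not part of the thread and is not the 200R's firmware logic: a link monitor that resets the WAN on a single lost keep-alive probe is replayed against one that waits for several consecutive losses. The probe trace, the threshold values and the reconnect duration are all constructed assumptions.

```python
"""Added example: how a keep-alive failure threshold turns probe loss into resets."""

# Constructed trace of 60 keep-alive probes (True = reply received).
# Three isolated losses, then one genuine 5-probe outage.
PROBES = [True] * 60
for lost in (7, 23, 41, 50, 51, 52, 53, 54):
    PROBES[lost] = False


def count_resets(probes, fail_threshold, reconnect_ticks):
    """Replay probe results through a hypothetical link monitor.

    The monitor declares the WAN down after `fail_threshold` consecutive
    lost probes, then spends `reconnect_ticks` probe intervals
    re-establishing the link. Every client session (terminal services,
    IM) is cut for that time. Returns (resets, ticks_down).
    """
    resets = 0
    ticks_down = 0
    consecutive_lost = 0
    reconnecting = 0
    for ok in probes:
        if reconnecting:
            # Link is being re-established; probes are not evaluated.
            reconnecting -= 1
            ticks_down += 1
            continue
        consecutive_lost = 0 if ok else consecutive_lost + 1
        if consecutive_lost >= fail_threshold:
            resets += 1
            reconnecting = reconnect_ticks
            consecutive_lost = 0
    return resets, ticks_down


if __name__ == "__main__":
    for threshold in (1, 3):
        resets, down = count_resets(PROBES, threshold, reconnect_ticks=2)
        print(f"threshold={threshold}: {resets} resets, {down} intervals down")
```

With a threshold of one, every isolated lost probe becomes a reset that cuts all sessions, and the real outage is counted twice; requiring three consecutive losses leaves only the genuine outage.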
 