VPN connection drops on contivity VPN client

[tmlrno1]

Hello to all,

I am a newbie to the it world and any help would be greatly appreciated.

We have Win2K pro computers in remote branches, presently going thru a Netgear FVS318 router connected to a speedstream 5360 dsl modem (PPPoE) (dynamic IP address). The FVS318 is strictly in use presently for internet sharing. We are using Nortel Contivity VPN Client 4.65. When we initiate a VPN session thru the client we connect to a Nortel VPN switch. We can establish a VPN connection w\o any problems. The problem is that the VPN connection drops intermittently without the VPN client being aware of the disconnect. The disconnects are at random time intervals i.e. 5 mins, 15 mins, 5 hrs, or can stay connected all day w\o a disconnect. We have had up to 5 VPN sessions running thru the router at any given time.

Has any1 had this problem ??? Can any1 shed some light on this or recommend a different router that may not have the same problems. We did do a test on a Linksys BEFSR41 Rev. 1.1 with latest firmware update and had no problems.

I apreciate any help.
Rob

 

[dajuish]

I am having the same problem, little different scenario;

Many of my users, including myself have had the VPN connection just kind of get "stagnant" and stop working. Most of the users that are having the problem are on a broadband connection and using a router. I have dial up users that stay connected all day with out any problems.

The router I am having this problem with is the Linksys WRT54G. I have a second lan at my home using a BEFSR41 Linksys, and that seems to stay connected all day.

The only work around I have come up with is to run a ping -t to a gateway or server ip on the network. Or using a ping utility for the less savy users.

djuser

 

[netmanrick]

Do you have keep-alive enabled on the Contivity client?

Rick Harris
SC Dept of Motor Vehicles
Network Operations

 

[tmlrno1]

Hi Dajuish, netmanrick,

Thanks for your input,

Rajuish I actually had an application that was constantly communicating with a remote server to prevent any inactive time on connection.

netmanrick keepalive is enabled but still had the same problems.

I am using a Linksys befsr41 still w\o any problems. I am beginning to think it has something to do with the netgear firewall software. Still working with them for a resolve...and getting nowhere fast.

again thanks for the input and if I find anything else I will post here.

I ping 127.0.0.1 & get a response, I must be connected.
"I think I'm going bald" from this stuff.

 

[netmanrick]

Just a thought,do you have Zone Alarm installed??

Rick Harris
SC Dept of Motor Vehicles
Network Operations

 

[bpatters69]

Hi Rob,

I am having the same problem with Nortel VPN and my NetGear 108Mbps Wireless router. Everything connects fine and then at some point the internet connection drops. I am trying the second posters response about running an endless ping to a known gateway. I just started the ping.

Here are some immediate observations.

1. My client authenticated a lot faster
2. I could be wrong but I could swear my internet connection seems faster

I could be wrong.

This work does make sense though. Why would a connection work and then at some point just drop? I am not a computer expert (more like an advance beginner....) but constantly pinging the gateway will not allow my client to be dropped due to inactivity.....

Rob, please post any new info you get. I have contacted NetGear as well.

Bill Patterson
Florida

 

[bpatters69]

So the borrowed "pin -t plus IP address of a gateway router is working like a champ. I guess I could mess with the NetGear settings but this is one of those if it aint broke, don't fix it scenarios......

I have been connected since 10 am and no bumps....I'm happy. Thanks, Bill

Bill Patterson
Florida

 

[tkurlowski]

I have the same issue as dajuish. Recently switched from a SMC router to Linksys WRT54G. Then the VPN drops started to occur. Switched back to SMC and all is well. Tried various firmware (latest from Linksys dated 2.02) and even a "patched" version 2.00.8 from h.vu.wifi-box.net. Nortel Contivity Keepalive set to 1 min. Any help would be appreciated.

 

[bpatters69]

I called NetGear again to see if they had any tweaks for me on my Router and they suggested that I enable a Default DMZ Server and then enter the IP address of my notebook which is running the Nortel Client. So far no drops but from what I understand, my notebook may not be as secure as it could.

As a second step, the tech at NetGear told me to find out what ports to forward (or allow) and then add those ports to the "port forwarding" option in my Router setup.

Bill

Bill Patterson
Florida

 

[NETING]

I am a newbie who finds himself in the FIRE of a new position as Network Engineer. We have three offices who interconnect(WAN)with each other via IPSEC VPN tunnels established at the Firewall level. The firewalls at all three sites are Nokia IP330's running checkpoint NG AI. This solution has been working great for us here in the United States.
The company now wants to bring in the United Kingdom office, as well as our Hong Kong office as part of our WAN. My question is what solution would be the most logical solution (Point to Point VPN, Frame Relay, ATM) for expanding our WAN accross the ocean with good performace yet at a reasonable price? We did setup a tunnel(not a point to point) between our office here in New York(Nokia IP330 running Checkpoint NG)to our office in the UK(Symantec 200r) and the performance was not that great. Am i correct in thinking that setting up a point to point is one of our top options. Thanks in advance for all your help as I really do greatly appreciate it in this time of stress.

NetIng

 

[bpatters69]

Hi NetIng,

Being on the vendor side in communications for 8 years, I would have to say that International Frame or ATM would be incredibly expensive. I know AT&T had some decent options to the UK with a co-branded offering called concert but I think that agreement has since dissolved. Of the 3 options that you suggest, I would say a VPN would give you the best bang for the buck. Not sure what kind of bandwidth that you are looking for though. What did you have in mind? T1? 256k?

Bill

Bill Patterson
Florida

 

[NETING]

Bill,

Thanks for the reply. For the UK I believe we are looking at E1 pricing. For Hong Kong we will take a T1 just because it is so cheap over there. Any suggestions on Providers?

 

[bpatters69]

I believe Cable and Wireless has a strong presence in Hong Kong. Bill

Bill Patterson
Florida