10-24-2001 08:48 AM - edited 02-21-2020 11:27 AM
[Response] ddianis
Sep 25, 2001, 11:33am Pacific (15.)
I have a VPN client that gets disconnected while using DSL with a message "IPSec terminated session". But the same laptop will stay connected for hours while using a dial connection. Where or how do I start troubleshooting a problem like this?
This question was never answered and I am having a similar problem? Anyone have any input?
10-25-2001 12:41 AM
May be that the xDSL ISP is dropping/filtering IPSec traffic.
I have heard that some ISPs are blocking IPSec traffic.
10-25-2001 08:53 AM
I called AOL and they said that they are not blocking IPSEC traffic.
10-26-2001 12:53 AM
Dear Rimon,
I looks like you have some problems with NAT.
Your DSL if you have a router in that end and are yousing NAT, that can be the problem.
Best regards
Soren Knudsen
10-26-2001 02:01 AM
In Taiwan,If you using xDSL connect to the ISP.
Some ISP will disconnect your connection,when you
idle to much time.
Maybe you can ask your service provide.
10-26-2001 07:06 AM
Rimon,
You don't mention which VPN server and client
you're using; my experience comes from using the
Cisco VPN3000 concentrator and related client.
Either you're internet connection to the VPN
server has been broken, or there's been and IPSec
specific issue. To get more debugging info on the
latter, check the event log on the VPN server.
You'll want to first get the server configured
to maximize it's logging level on IPSec related issues. In the Cisco 3000 concentrator, for example,
go to "Configure, System, Events, Classes" and either
add or modify IPSec, IPSecdebug, and IPSecdecode for
maximum logging. On the client side, run logging
*before* starting the session, so you can get info
on everything along the way. The cisco client comes
with an app called "Log Viewer".
Also - to check on the first issue, of internet
connectivity being broken between the client and
server, try pinging to the server immediately
after the connection breaks. This may not detect
subtle performance or transient issues, but if
you CAN'T ping the server - you know right away
that its a general internet issue, rahter than
an IPSec one.
good luck!
- Sholom
messed
10-31-2001 06:29 AM
I have been tracking down this problem for a while now, as several of our users have also experienced disconnects when using DSL links.
As has been mentioned some ISPs do block port 500. I have tracked the problem down to two things in our case both can cause problems:
1. MTU set to large, this causes fragmentation and if you run a personal Firewall this sees it as a Denial of service attack and starts blocking.
2. If your DSL connection uses a USB modem with VIA chipset. Always install the latest Via 4 in1 drivers and USB filter from the Via website. If you have a Motherboard of the KT7 type, one workaround is to change the BIOS settings: set the enhanced chipset performance setting on enable. This should help in most cases. For more information about the KT7 / VIA chipset issues with USB, read the KT7 FAQ or the USBman page on the Alcatel web site.
11-08-2001 09:51 AM
I have exactly the same situation (DSL, VPN, Windows 2000). My "record of working" is 20 minutes.
Maybe it is problem with MTU, because Microsoft Terminal Services Client doesn't work on W2K with Cisco VPN and I found some similar information in TechNet about MTU size. I know how to change MTU in NT4, but in W2K I don't know.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: