Dual site to site VPN Link Problem

jeffland_98 · ‎12-08-2009

We are having trouble with a pair of sites which have two site to site VPN links between them. There are two 3845 routers at each site, A and B; The A router has a vpn link to the other site by the A router at that site, and the same for the Bs. On the LAN side, there are several subnets which use Gateway Load Balancing Protocol (GLBP) to share the load between the routers. On a windows 2003 server on one site if I try to do a remote file share on a server at the other site (\\server-othersite\d$ ) it will timeout after about 10 minutes with an error message "the specified network name is no longer available." If however either of the links is taken down, it works fine. If it was tried and then one link goes down it gets through after about 10 seconds.

My guess is that there is a hash used for the authentication of the remote file share which isn't getting calculated correctly. Anyone know how to get this working?

Jon Marshall · ‎12-08-2009

jeffland_98 wrote:

We are having trouble with a pair of sites which have two site to site VPN links between them. There are two 3845 routers at each site, A and B; The A router has a vpn link to the other site by the A router at that site, and the same for the Bs. On the LAN side, there are several subnets which use Gateway Load Balancing Protocol (GLBP) to share the load between the routers. On a windows 2003 server on one site if I try to do a remote file share on a server at the other site (\\server-othersite\d$ ) it will timeout after about 10 minutes with an error message "the specified network name is no longer available." If however either of the links is taken down, it works fine. If it was tried and then one link goes down it gets through after about 10 seconds.

My guess is that there is a hash used for the authentication of the remote file share which isn't getting calculated correctly. Anyone know how to get this working?

Jeff

Are you sure you are not getting an asymetric routing problem ie. oubound traffic goes down one VPN tunnel but the return traffic is going down the other VPN tunnel. This clearly wouldn't work because the return traffic would not match up.

Jon

jeffland_98 · ‎12-09-2009

Hi Jon,

Thanks for the reply. I don't think it is because each of the subnet includes a line similar to:

glbp 123 load-balancing host-dependant

which should make each node use the same router each time. I'm not sure how to tell if it is actually working though.

Jon Marshall · ‎12-09-2009

jeffland_98 wrote:

Hi Jon,

Thanks for the reply. I don't think it is because each of the subnet includes a line similar to:

glbp 123 load-balancing host-dependant

which should make each node use the same router each time. I'm not sure how to tell if it is actually working though.

Jeff

host-dependant simply means the same host will use the same virtual forwarder. But we are talking about 2 way traffic here. So traffic coming in may use one of the VPN tunnels but the return traffic may well use the other router connected to the VPN tunnel.

Might be time to do some debugging on the routers.

Jon

jeffland_98 · ‎12-09-2009

Jon,

I don't think going down one VPN and the return traffic over the other VPN is the problem since these are site to site VPNs We're actually only having the problem on sub-interfaces which are configured on an NM-1GE in slot 4 on the two routers at one site. If I shut down the interface in either router, the file share works fine. It's only this Microsoft type of traffic that seems to have the problem. I can ping with no problem. I even tried deleting and reinstalling one of the subinterfaces.