cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
287
Views
0
Helpful
2
Replies

Intermittant problem - not able to access resoures

y.humbert
Level 1
Level 1

Hi,

We have setup a 2621XM as a VPN server for users access corporate network from home. The 2621XM is connecting to Internet with a 6MB broadband connection. The home users are using WinXP to make the PPTP VPN connection.

The home users have an intermittant problem that they can establish the VPN connection but not able to access any resoures (e.g. email, RDP, citrix). All these users are using broadband (min. speed 1.5M) to connect to Internet.

When users are using phone line (max. speed 56k) to connect to Internet, they dont have such problem and it is working perfectly fine with the VPN.

For home users that are using broadband connection, there is around 50% failure rate not able to access the resources. For home users that are using phone line connection, there is no such problem at all.

Could anyone help me to find out the causes of this problem? Could this be related to the MTU or MSS value?

Thanks in advance

2 Replies 2

ehirsel
Level 6
Level 6

If the 50% failure is where user1 can always connect from their home. but user2 cannot, I would look at the mtu size being an issue - some ADSL connections have a 1492 byte mtu using 8 bytes for control, especially if PPPoE is used. Another item to examine is if the ip address assigned to the client conflicts with their SOHO network or there is some overlap where packets stay local instead of crossing into the corp network over the PPTP session.

If the failure is user1 getting in some of the time, but not at other times, from the same location, I'd look to see if the address that is assigned is always routed to the same vpn peer and it does not conflict with another subnet within your network. Also it could be that the dns/wins server or domain info does not get propogated to the client.

If a user reports a problem have them run the ipconfig /all command after connecting - this will tell you what the virtual/ndis-wan adapter config looks like and the dns name as well as wins/dns server info will appear along with the ip address.

Let me know what you find.

Hi,

Thanks for your reply. The problem was not happened to a fixed user, location or time. I have checked the "ipconfig /all" with those users that had problem. They all have DNS info.

We are using DHCP to assign IP to the VPN user, so there should not be any conflict with the IP address. Please see the config. below:

interface Virtual-Template1

ip unnumbered FastEthernet0/0

ip helper-address 157.168.136.89

peer default ip address dhcp

compress mppc

ppp encrypt mppe auto

ppp authentication ms-chap vpndial

ppp authorization vpndial

ppp accounting vpndial

What can I do with the MTU in the configuration?