07-06-2004 07:44 PM - edited 03-09-2019 07:58 AM
Hi,
We have setup a 2621XM as a VPN server for users access corporate network from home. The 2621XM is connecting to Internet with a 6MB broadband connection. The home users are using WinXP to make the PPTP VPN connection.
The home users have an intermittant problem that they can establish the VPN connection but not able to access any resoures (e.g. email, RDP, citrix). All these users are using broadband (min. speed 1.5M) to connect to Internet.
When users are using phone line (max. speed 56k) to connect to Internet, they dont have such problem and it is working perfectly fine with the VPN.
For home users that are using broadband connection, there is around 50% failure rate not able to access the resources. For home users that are using phone line connection, there is no such problem at all.
Could anyone help me to find out the causes of this problem? Could this be related to the MTU or MSS value?
Thanks in advance
07-08-2004 12:31 PM
If the 50% failure is where user1 can always connect from their home. but user2 cannot, I would look at the mtu size being an issue - some ADSL connections have a 1492 byte mtu using 8 bytes for control, especially if PPPoE is used. Another item to examine is if the ip address assigned to the client conflicts with their SOHO network or there is some overlap where packets stay local instead of crossing into the corp network over the PPTP session.
If the failure is user1 getting in some of the time, but not at other times, from the same location, I'd look to see if the address that is assigned is always routed to the same vpn peer and it does not conflict with another subnet within your network. Also it could be that the dns/wins server or domain info does not get propogated to the client.
If a user reports a problem have them run the ipconfig /all command after connecting - this will tell you what the virtual/ndis-wan adapter config looks like and the dns name as well as wins/dns server info will appear along with the ip address.
Let me know what you find.
07-20-2004 11:50 PM
Hi,
Thanks for your reply. The problem was not happened to a fixed user, location or time. I have checked the "ipconfig /all" with those users that had problem. They all have DNS info.
We are using DHCP to assign IP to the VPN user, so there should not be any conflict with the IP address. Please see the config. below:
interface Virtual-Template1
ip unnumbered FastEthernet0/0
ip helper-address 157.168.136.89
peer default ip address dhcp
compress mppc
ppp encrypt mppe auto
ppp authentication ms-chap vpndial
ppp authorization vpndial
ppp accounting vpndial
What can I do with the MTU in the configuration?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide