VPN Issue, connection unserviceable after initial connection succeeds

Hi all,
I am having some issues with my point-to-point vpn. I have two
servers set up across the Internet and am trying to connect them using
the persistent vpn connection (branch office type). I have set up the
interfaces and the corresponding user accounts for the "routers" (the
routers are the two servers I am using as endpoints).
I have two server 2003 machines, one natting a 10.100.0.0 (class C)
and another across the Internet that nats a 192 network. I am trying
to have a route so that computers on the 10.100.0.0 net can see
machines on the 192 network.
When I establish the connection, everything works great. I can ping
across the subnets, RDP, exactly what I want(except for DNS, but that's
another issue).
The problem is that after about 10 minutes or so I can't send packets
across the router. The interface still shows as connected, but the 10
subnet can't get to the 192 net, and vice versa.
I used the wiazrd to set this up on both ends. I can't figure this
one out. I thought maybe I needed KB875501, but MS informed me that
particular hotfix is included in SP1.

Any ideas?

It can be MTU issue (check the link below). Also why don't you setup site to site VPN?

VPN connection is disconnected after serveral minutes VPN connection is disconnected after several minutes. We have been seeing more and more cases like this one. We don't really know the causes, ...
www.chicagotech.net/VPN/vpn3minutes.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"astochlia" <(E-Mail Removed)> wrote in message news:(E-Mail Removed) ups.com...
Hi all,
I am having some issues with my point-to-point vpn. I have two
servers set up across the Internet and am trying to connect them using
the persistent vpn connection (branch office type). I have set up the
interfaces and the corresponding user accounts for the "routers" (the
routers are the two servers I am using as endpoints).
I have two server 2003 machines, one natting a 10.100.0.0 (class C)
and another across the Internet that nats a 192 network. I am trying
to have a route so that computers on the 10.100.0.0 net can see
machines on the 192 network.
When I establish the connection, everything works great. I can ping
across the subnets, RDP, exactly what I want(except for DNS, but that's
another issue).
The problem is that after about 10 minutes or so I can't send packets
across the router. The interface still shows as connected, but the 10
subnet can't get to the 192 net, and vice versa.
I used the wiazrd to set this up on both ends. I can't figure this
one out. I thought maybe I needed KB875501, but MS informed me that
particular hotfix is included in SP1.

Any ideas?

What is the difference with site-to-site vpn? In essence, isn't what I
am doing a site-to-site? If there is a better way, how do I set that
up?

Robert L [MVP - Networking] wrote:
> It can be MTU issue (check the link below). Also why don't you setup site to site VPN?
>
> VPN connection is disconnected after serveral minutes VPN connection is disconnected after several minutes. We have been seeing more and more cases like this one. We don't really know the causes, ...
> www.chicagotech.net/VPN/vpn3minutes.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "astochlia" <(E-Mail Removed)> wrote in message news:(E-Mail Removed) ups.com...
> Hi all,
> I am having some issues with my point-to-point vpn. I have two
> servers set up across the Internet and am trying to connect them using
> the persistent vpn connection (branch office type). I have set up the
> interfaces and the corresponding user accounts for the "routers" (the
> routers are the two servers I am using as endpoints).
> I have two server 2003 machines, one natting a 10.100.0.0 (class C)
> and another across the Internet that nats a 192 network. I am trying
> to have a route so that computers on the 10.100.0.0 net can see
> machines on the 192 network.
> When I establish the connection, everything works great. I can ping
> across the subnets, RDP, exactly what I want(except for DNS, but that's
> another issue).
> The problem is that after about 10 minutes or so I can't send packets
> across the router. The interface still shows as connected, but the 10
> subnet can't get to the 192 net, and vice versa.
> I used the wiazrd to set this up on both ends. I can't figure this
> one out. I thought maybe I needed KB875501, but MS informed me that
> particular hotfix is included in SP1.
>
> Any ideas?
>
> ------=_NextPart_000_003D_01C6D5B8.3F587BA0
> Content-Type: text/html; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
> X-Google-AttachSize: 3197
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META content="MSHTML 6.00.2900.2963" name=GENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=#ffffff>
> <DIV>It can be MTU issue (check the link below). Also why don't you setup site
> to site VPN?</DIV>
> <DIV>&nbsp;</DIV>
> <DIV><A class=l href="http://www.chicagotech.net/VPN/vpn3minutes.htm"><FONT
> color=#663399><B>VPN</B> connection is disconnected after serveral
> <B>minutes</B></FONT></A>
> <TABLE cellSpacing=0 cellPadding=0 border=0>
> <TBODY>
> <TR>
> <TD class=j><FONT size=-1><B>VPN</B> connection is disconnected after
> <B>several minutes</B>. We have been seeing more and more cases like this
> one. We don't really know the causes, <B>...</B><BR><FONT color=#008000><A
> href="http://www.chicagotech.net/VPN/vpn3minutes.htm">www.chicagotech.net/<B>VPN</B>/<B>vpn</B>3<B>minutes</B>.htm</A>
> </FONT></FONT></TD></TR></TBODY></TABLE></DIV>
> <DIV><BR>Bob Lin, MS-MVP, MCSE &amp; CNE<BR>Networking, Internet, Routing, VPN
> Troubleshooting on <A
> href="http://www.ChicagoTech.net">http://www.ChicagoTech.net</A> <BR>How to
> Setup Windows, Network, VPN &amp; Remote Access on <A
> href="http://www.HowToNetworking.com">http://www.HowToNetworking.com</A> </DIV>
> <BLOCKQUOTE
> style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
> <DIV>"astochlia" &lt;<A
> href="private.php?do=newpm&u=">astochlia@gmail. com</A>&gt; wrote in message
> <A
> href="news:(E-Mail Removed) glegroups.com">news:1158004903.926305.75430@m73g20 00cwd.googlegroups.com</A>...</DIV>Hi
> all,<BR>&nbsp; I am having some issues with my point-to-point vpn.&nbsp; I
> have two<BR>servers set up across the Internet and am trying to connect them
> using<BR>the persistent vpn connection (branch office type).&nbsp; I have set
> up the<BR>interfaces and the corresponding user accounts for the "routers"
> (the<BR>routers are the two servers I am using as endpoints).<BR>&nbsp; I have
> two server 2003 machines, one natting a 10.100.0.0 (class C)<BR>and another
> across the Internet that nats a 192 network.&nbsp; I am trying<BR>to have a
> route so that computers on the 10.100.0.0 net can see<BR>machines on the 192
> network.<BR>&nbsp; When I establish the connection, everything works
> great.&nbsp; I can ping<BR>across the subnets, RDP, exactly what I want(except
> for DNS, but that's<BR>another issue).<BR>&nbsp; The problem is that after
> about 10 minutes or so I can't send packets<BR>across the router.&nbsp; The
> interface still shows as connected, but the 10<BR>subnet can't get to the 192
> net, and vice versa.<BR>&nbsp; I used the wiazrd to set this up on both
> ends.&nbsp; I can't figure this<BR>one out. I thought maybe I needed KB875501,
> but MS informed me that<BR>particular hotfix is included in SP1.&nbsp;
> <BR><BR>Any ideas?<BR></BLOCKQUOTE></BODY></HTML>
>
> ------=_NextPart_000_003D_01C6D5B8.3F587BA0--

You may already did. What I mean is Demand-Dial VPN.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"astochlia" <(E-Mail Removed)> wrote in message news:(E-Mail Removed) oups.com...
What is the difference with site-to-site vpn? In essence, isn't what I
am doing a site-to-site? If there is a better way, how do I set that
up?

Robert L [MVP - Networking] wrote:
> It can be MTU issue (check the link below). Also why don't you setup site to site VPN?
>
> VPN connection is disconnected after serveral minutes VPN connection is disconnected after several minutes. We have been seeing more and more cases like this one. We don't really know the causes, ...
> www.chicagotech.net/VPN/vpn3minutes.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "astochlia" <(E-Mail Removed)> wrote in message news:(E-Mail Removed) ups.com...
> Hi all,
> I am having some issues with my point-to-point vpn. I have two
> servers set up across the Internet and am trying to connect them using
> the persistent vpn connection (branch office type). I have set up the
> interfaces and the corresponding user accounts for the "routers" (the
> routers are the two servers I am using as endpoints).
> I have two server 2003 machines, one natting a 10.100.0.0 (class C)
> and another across the Internet that nats a 192 network. I am trying
> to have a route so that computers on the 10.100.0.0 net can see
> machines on the 192 network.
> When I establish the connection, everything works great. I can ping
> across the subnets, RDP, exactly what I want(except for DNS, but that's
> another issue).
> The problem is that after about 10 minutes or so I can't send packets
> across the router. The interface still shows as connected, but the 10
> subnet can't get to the 192 net, and vice versa.
> I used the wiazrd to set this up on both ends. I can't figure this
> one out. I thought maybe I needed KB875501, but MS informed me that
> particular hotfix is included in SP1.
>
> Any ideas?
>
> ------=_NextPart_000_003D_01C6D5B8.3F587BA0
> Content-Type: text/html; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
> X-Google-AttachSize: 3197
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META content="MSHTML 6.00.2900.2963" name=GENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=#ffffff>
> <DIV>It can be MTU issue (check the link below). Also why don't you setup site
> to site VPN?</DIV>
> <DIV>&nbsp;</DIV>
> <DIV><A class=l href="http://www.chicagotech.net/VPN/vpn3minutes.htm"><FONT
> color=#663399><B>VPN</B> connection is disconnected after serveral
> <B>minutes</B></FONT></A>
> <TABLE cellSpacing=0 cellPadding=0 border=0>
> <TBODY>
> <TR>
> <TD class=j><FONT size=-1><B>VPN</B> connection is disconnected after
> <B>several minutes</B>. We have been seeing more and more cases like this
> one. We don't really know the causes, <B>...</B><BR><FONT color=#008000><A
> href="http://www.chicagotech.net/VPN/vpn3minutes.htm">www.chicagotech.net/<B>VPN</B>/<B>vpn</B>3<B>minutes</B>.htm</A>
> </FONT></FONT></TD></TR></TBODY></TABLE></DIV>
> <DIV><BR>Bob Lin, MS-MVP, MCSE &amp; CNE<BR>Networking, Internet, Routing, VPN
> Troubleshooting on <A
> href="http://www.ChicagoTech.net">http://www.ChicagoTech.net</A> <BR>How to
> Setup Windows, Network, VPN &amp; Remote Access on <A
> href="http://www.HowToNetworking.com">http://www.HowToNetworking.com</A> </DIV>
> <BLOCKQUOTE
> style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
> <DIV>"astochlia" &lt;<A
> href="private.php?do=newpm&u=">astochlia@gmail. com</A>&gt; wrote in message
> <A
> href="news:(E-Mail Removed) glegroups.com">news:1158004903.926305.75430@m73g20 00cwd.googlegroups.com</A>...</DIV>Hi
> all,<BR>&nbsp; I am having some issues with my point-to-point vpn.&nbsp; I
> have two<BR>servers set up across the Internet and am trying to connect them
> using<BR>the persistent vpn connection (branch office type).&nbsp; I have set
> up the<BR>interfaces and the corresponding user accounts for the "routers"
> (the<BR>routers are the two servers I am using as endpoints).<BR>&nbsp; I have
> two server 2003 machines, one natting a 10.100.0.0 (class C)<BR>and another
> across the Internet that nats a 192 network.&nbsp; I am trying<BR>to have a
> route so that computers on the 10.100.0.0 net can see<BR>machines on the 192
> network.<BR>&nbsp; When I establish the connection, everything works
> great.&nbsp; I can ping<BR>across the subnets, RDP, exactly what I want(except
> for DNS, but that's<BR>another issue).<BR>&nbsp; The problem is that after
> about 10 minutes or so I can't send packets<BR>across the router.&nbsp; The
> interface still shows as connected, but the 10<BR>subnet can't get to the 192
> net, and vice versa.<BR>&nbsp; I used the wiazrd to set this up on both
> ends.&nbsp; I can't figure this<BR>one out. I thought maybe I needed KB875501,
> but MS informed me that<BR>particular hotfix is included in SP1.&nbsp;
> <BR><BR>Any ideas?<BR></BLOCKQUOTE></BODY></HTML>
>
> ------=_NextPart_000_003D_01C6D5B8.3F587BA0--

Yeah, I set this up using the demand-dial interface wizard and then
changed the type to persistent connection. I followed the example from
Microsoft that details setting up a branch office vpn. I don't
understand why it works initially then fails, especially because the
interfaces still show "connected" I rebooted both servers and it has
been working successfully for about 10 hours now, that makes me think
maybe it is an issue with the driver code. I'll look for updated
drivers tomorrow. Other than that, I am at a loss.
I read the article on MTU size, and discerned that the MTU for that
connection is 1372 bytes, I will also make those adjustments. I'll
post back here if I find the culprit. Thanks for the replies.