VPN Stopped Working [Archive] - SpeedGuide.net Broadband Community
PDA

View Full Version : VPN Stopped Working

AnklBytr
02-25-02, 07:23 PM
Hi Folks,

Looking for answers out here amongst the techies!

I'm having troubles connecting to my office VPN over my cablemodem for the FIRST time in years. I am very sure that this is not a configuration issue on our corporate Firewall (Checkpoint) or on my Securemote client. I know it's not because VPN will work fine over dial-up or on an alternate Internet connection that I've tested with the exact config.

On my Cablemodem w/TIMEWARNER, I am UNABLE to authenticate or communicate with the Firewall with the occassional exception of getting in (3 times in the last week - off hours).

Someone told me it could be MTU size. Could it be a network latency issue? Does anyone else have any ideas?

- Ankl
greEd
02-25-02, 07:29 PM
Without knowing any of the technical aspects (such as settings, authentication, etc.) it sounds like your company is experiencing high traffic and not negotiating a connection with it's vpn clients. Is anyone else in the office having the same problems?
What is your MTU set to as of now?
AnklBytr
02-25-02, 08:07 PM
thanks for the reply!

My MTU is set to default (1500) for LAN, although I just installed the speedguide.net patch for cablemodems and XP. From what I understand MTU is automatically determined anyway.

Our office does no negotiation. Our POP is all the way across the country (epoch) and we're in NC. No telling what Timewarner's network is like. But I've been working fine for months...years.

Here's what my settings are as it relates to VPN:

Firewall: CheckPoint Firewall-1 4.1
Client: Securemote 4.1SP5

Strong 3DES
Encryption: IKE
(advanced settings makes no difference)
AnklBytr
02-25-02, 09:19 PM
anyone else?
Stu
02-26-02, 12:48 AM
It could be your service provider trying to discourage full-time remote employees from chewing up all their bandwidth. They could do that by disabling IPSec protocols 50 and 51 (IP Tunneling, which is how VPN communicates) during peak times of network usage. I'd call and see if this is the case.
pieterjb
02-27-02, 09:56 AM
I suggest changing your mtu to 1460 for example.

SecureRemote adds some bytes to the original frame and by doing this, the frame can become bigger then the 1500 bytes allowed by the mtu.