
Problems with Multiple VPN Passthrough

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by cyril_cbo, Sep 27, 2005.

  1. cyril_cbo

    cyril_cbo Guest

    Hi,

    We are 4 people in the office simultaneously using the XP (SP2) VPN clients to connect to a remote VPN server (4 VPN passthroughs at the same time). The local router is a WRV54G with the latest firmware (2.37). Some stations are wired, some are wireless.

    After a while (minutes or hours) the remote VPN gateway doesn't respond to the ping command (ping timeout) and it becomes really difficult to restart/reconnect the VPN client (error 800). If I restart the local router, it solves the issue for the next couple of hours. The internet connection always works.

    Here is the config
    - The router has a static IP with a direct internet connection (no other modem or equipment).
    - IPSec, L2TP and PPTP Passthrough are all enabled.
    - The router MTU is set to 1398 so that packets are not fragmented when accessing the remote VPN gateway.
    - Port triggering is enabled for ports 500 and 1723.
    - XP registries are modified according to the Microsoft KB885407 article: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
    "AssumeUDPEncapsulationContextOnSendRule"=dword:00000002


    I had a look at the router logs and found several warning/errors:
    alg_nat_states_add: Failed to add NAT state
    alg_nat_states_add: Failed to add NAT state
    pptp_gre_connect() Couldn't add GRE nat
    alg_nat_states_add: Failed to add NAT state
    alg_nat_states_add: Failed to add NAT state


    as well as :

    DNS: trying forwarder 0.0.0.0.
    DNS: trying forwarder 0.0.0.0.
    DNS: too many forwarded messages
    DNS: trying forwarder 0.0.0.0.
    DNS: trying forwarder 0.0.0.0.

    Does anybody have the same configuration or problems? Where can I find more about these error messages?

    Thanks
     
  2. TazUk

    TazUk Network Guru Member

    As you have a VPN router, why are you not using that to make the VPN connection to the remote end rather than each client individually?
     
