Server 2003 VPN stops working (but still connected).

Pho

We've had this problem for as long as I remember and I figured I'd finally get it solved. I can't pinpoint when this happens which makes it difficult to sort out.

We have a 2008 Web edition server in a datacentre which dials into our office running 2003 Standard with RRAS. This works fine, however randomly the link seems to stop working.

The link is active according to RRAS and both sides still show as connected. However I can't ping or access anything on the 2008 machine from the 2003 machine (the VPN server). If I initiate any traffic or ping the 2003 machine from the 2008 machine (the client) the link picks up again and either side are free to access each other.

I've tried several things to solve this including setting up scheduled tasks either side to ping each other every minute to keep the link up but this doesn't appear to work either. I can't see anything in Wireshark either (not that I necessarily know what I'm looking for).

Any ideas? The 2003 machine pulls backups from the 2008 server so this causes problems when it times out.
 
The 2008 machine dials in through rasdial.exe because the web edition doesn't support RRAS, I wonder whether because of this it doesn't keep the connection alive until it initiates the transfer because I guess in this situation that would be fine (the server wouldn't need to access the client).

Any idea what I'm looking for? I'm not a server admin so I mostly botch stuff together :p. We don't need to tunnel internet data through the office machine.
 
I think I might have got somewhere. I disabled the firewall on Server 2008 and couldn't see the connection drop. Selectively enabling it again it seemed like when I enabled the public profile the connection was hanging again after some time. Enabling 'log dropped packets' on the public firewall profile showed entries in the log when I tried to ping from the 2003 server:

#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2012-01-10 22:50:59 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 91 - - - - - - - RECEIVE
2012-01-10 22:53:51 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 73 - - - - - - - RECEIVE
2012-01-10 22:54:09 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 91 - - - - - - - RECEIVE
2012-01-10 22:54:10 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 91 - - - - - - - RECEIVE
2012-01-10 22:54:14 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 91 - - - - - - - RECEIVE
2012-01-10 22:54:16 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 85 - - - - - - - RECEIVE
2012-01-10 22:54:19 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 85 - - - - - - - RECEIVE
2012-01-10 22:54:19 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 91 - - - - - - - RECEIVE
2012-01-10 22:54:25 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 91 - - - - - - - RECEIVE
2012-01-10 22:54:25 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 85 - - - - - - - RECEIVE
2012-01-10 22:55:56 DROP 47 xxx.xxx.34.96 94.76.xxx.xxx - - 73 - - - - - - - RECEIVE

Googling protocol 47 shows that it is GRE and on further investigation GRE was blocked on the Server 2008 firewall - Routing and Remote Access (GRE-In). Enabling that opened it up again.

I've tried it at several intervals since and it seems fine, now to see whether the backups go through tonight.

Wonder why I have to unblock GRE on the client side though?

Thanks for the help :).
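
An added example, not part of the original posts: a small Python parser for the Windows Firewall log format shown above that groups DROP entries by protocol, source, destination and direction, so a run of protocol 47 (GRE) drops like the one in the log stands out. The function names and the sample lines (documentation-range addresses) are constructed for illustration.

```python
from collections import defaultdict

# IANA IP protocol numbers; the log above prints GRE as the bare number 47
IP_PROTOCOLS = {"1": "ICMP", "6": "TCP", "17": "UDP", "47": "GRE", "50": "ESP"}

# Constructed sample (documentation addresses), same layout as the log above
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2012-01-10 22:50:59 DROP 47 192.0.2.96 198.51.100.20 - - 91 - - - - - - - RECEIVE
2012-01-10 22:51:30 ALLOW TCP 198.51.100.20 192.0.2.96 49170 1723 0 - 0 0 0 - - - SEND
2012-01-10 22:53:51 DROP 47 192.0.2.96 198.51.100.20 - - 73 - - - - - - - RECEIVE
2012-01-10 22:54:02 DROP UDP 203.0.113.5 198.51.100.20 137 137 78 - - - - - - - RECEIVE
2012-01-10 22:54:09 DROP 47 192.0.2.96 198.51.100.20 - - 91 - - - - - - - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per entry, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def summarize_drops(entries):
    """Group DROP entries by (protocol, source, destination, direction)."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for e in entries:
        if e["action"] != "DROP":
            continue
        proto = IP_PROTOCOLS.get(e["protocol"], e["protocol"])
        row = summary[(proto, e["src-ip"], e["dst-ip"], e["path"])]
        stamp = f'{e["date"]} {e["time"]}'
        row["count"] += 1
        row["first"] = row["first"] or stamp
        row["last"] = stamp
    return dict(summary)


if __name__ == "__main__":
    for key, row in summarize_drops(parse_firewall_log(SAMPLE_LOG)).items():
        print(*key, row["count"], row["first"], "->", row["last"])
```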
 