1. Home
  2. Cisco Systems
  3. Unreliable ADSL vs. site to site tunnel

Unreliable ADSL vs. site to site tunnel

Scenario: an 800 series ADSL router with a site to site VPN tunnel terminated on it, that is connected to an apparently unreliable rate-adaptive ADSL circuit. Sync speed and noise margin vary apparently at random throughout the day, although some days it can go nearly eight hours without a change in sync. Note that it doesn't actually appear to lose sync for very long. The problem as reported by the end user is that RDP sessions pause and then disconnect at random throughout the day. An immediate restart of the RDP session is successful. I am monitoring cipSecGlobalActiveTunnels.0 and it is never anything other than '1' [although if the ADSL is down, I can't reach it to poll it...]

What I am trying to work out is, will Dialer0 be going down when the ADSL resyncs, and if so, is the router dropping and restarting the VPN tunnel when this happens? Presumably if the router drops the VPN tunnel, it'll be sending an RST to the RDP clients causing them to drop, although I'm far from certain on that. If that's the case, is there a method to force the tunnel to stay up even though Dialer0 is down? The thought of sticking another DSL router in front of the 800 series has occurred to me, that way the interface the tunnel is on will never go down ;-)

Reply to
alexd
Loading thread data ...

I am not sure exactly why the RDP session is dropping if the VPN is down for a short time. It is not unreasonable to consider that RDP has some sort of keepalive mechanism that is being triggered. I have looked at many RDP packet traces but I forget. You could find out by looking at some packet dumps with wireshark. Wireshark is free if you are not using Wireless.

What sort of 800 have you? If it is an 87x then make sure you are running later software. If you do not have an account then the DSL software was available free on the cisco ftp site. I have posted details about it here before.

ftp://ftp.cisco.com/pub/access/800/

hmm I just tried it and it did not want to work. Maybe something has been changed? I did not try both active and passive ftp.

Complain to the ISP otherwise.

I believe that the noise margin as reported by sh dsl int atm 0 should be at least 6dB.

The log will show disconnection times if enabled.

Make sure that the issue is not being caused by something inside your premises. You can try to disconnect all phones for a bit to see if issue goes away. Connect router as close to telco as possible and disconnect *everything* else from line for test.

Reply to
bod43

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.