An update to this issue. It was discovered that the VPN being connected to is a Watchguard VPN. The disconnect is happening after 18 minutes and it is a known problem with Watchguard when a connection is being made through Microsoft ICS and ISA Server. See a copy of the log below and the comment from Watchguard. If anyone has seen this issue and has heard of a solution, please let me know. The issue is logged with Watchguard and I will forward their solution when and if it arrives. E-mail from Watchguard first line support: Issue: Under certain conditions, Windows 2000 PPTP clients will become disconnected after 18 minutes of connect time, regardless of network activity. Date Reported: 6/10/2001 Description: When negotiating PPTP tunnels with a Windows 2000 client, sometimes the 2000 client fails to send a TCP ACK to the Firebox in response to a PPTP "set-link-info" packet. The Firebox attempts to send this packet every minute with no response from the 2000 client. This is a TCP mis-timing issue that seems to happen when ICS (Internet Connection Sharing) is enabled on the Windows 2000 system. Workaround: Internal testing has revealed that disabling ICS with Windows 2000 stops this timing issue from occurring. To disable ICS: From the desktop, right-click My Network Places, select Properties. Right-click Local Area Connection, select Properties. Note: If you have more than one Local Area Connection, repeat this procedure for each entry to make sure ICS is completely disabled. Double-click TCP/IP. Select the Sharing tab. Disable Internet Connection Sharing. Click OK. Click OK. Current Status: 3rd party issue. Software Version: All Firebox versions. Copy of the log file and we can see the heartbeat disconnect: 16:10:35 pptpd[1869] Terminating on signal 2. 16:10:35 pptpd[1869] Connection terminated. 16:10:35 pptpd[1869] Persist flag not set, so we are exiting. 16:10:35 kernel pptp5: pptp_sock_close 16:10:35 pptpd[1869] Drop Host 14 202.27.160.45 pptp_users amr succeeded 16:10:35 pptpd[1869] User amr at 202.27.160.45 logged out 16:10:35 pptpd[1869] Exit. 16:10:40 pptpd[2352] Watchguard pptpd 2.2.0 started 16:10:40 pptpd[2352] Using interface pptp5 16:10:40 kernel pptp5: daemon attached. 16:10:40 pptpd[2352] Connect: pptp5 [5] <-->203.202.185.62 16:10:41 tunneld[113] process_stop_request: invalid state for 203.202.185.62 16:10:41 tunneld[113] process_rfds: unable to process packet from 203.202.185.62 16:10:41 pptpd[2352] Terminating on signal 2. 16:10:41 pptpd[2352] Connection terminated. 16:10:41 pptpd[2352] Persist flag not set, so we are exiting. 16:10:41 kernel pptp5: pptp_sock_close 16:10:41 pptpd[2352] Exit. 16:12:08 pptpd[1929] Terminating on signal 2. 16:12:09 pptpd[1929] Connection terminated. 16:12:09 pptpd[1929] Persist flag not set, so we are exiting. 16:12:09 kernel pptp2: pptp_sock_close 16:12:09 pptpd[1929] Drop Host 14 202.27.160.42 pptp_users pas succeeded 16:12:09 pptpd[1929] User pas at 202.27.160.42 logged out 16:12:09 pptpd[1929] Exit. 16:19:38 pptpd[2583] Watchguard pptpd 2.2.0 started 16:19:38 pptpd[2583] Using interface pptp2 16:19:38 kernel pptp2: daemon attached. 16:19:38 pptpd[2583] Connect: pptp2 [2] <-->203.202.185.62 16:19:38 kernel GRE: out of order: as:0 seq:0 from:0x3eb9cacb 16:19:41 pptpd[2583] User jjc at 202.27.160.42 logged in 16:19:41 pptpd[2583] Add Host 14 202.27.160.42 pptp_users jjc succeeded 16:19:42 pptpd[2583] Compression enabled 16:19:42 pptpd[2583] Using PPTP encryption RC4 40-bit. 16:19:42 pptpd[2583] Not using any PPTP software compression. 16:19:42 pptpd[2583] Using stateless mode. 16:19:42 pptpd[2583] Allowing unsafe packet transfer mode for lossy links. 16:19:42 pptpd[2583] local IP address 202.27.160.5 16:19:42 pptpd[2583] remote IP address 202.27 .160.42 16:19:42 pptpd[2583] found interface eth0 for proxy arp 16:19:42 pptpd[2583] found interface eth1 for proxy arp 16:19:42 pptpd[2583] found interface eth2 forproxy arp > You don't get alerts for no reason, though the causes aren't always clear. > Take a look in the registry for this value: > > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Arrays\{GUID}\Servers\{GUID}] > "msFPCIntraArrayAddress"="<someIPaddress>" > ..replace {GUID} with the huge number you find there.. > > If it doesn't match your internal IP, change it so that it does. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/authors/harrison/ > Read the books! > > ----- Original Message ----- > From: "Peter" <Peter@xxxxxxxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Friday, January 25, 2002 13:01 > Subject: [isalist] Re: VPN Timeouts > > > Still no solution. If anyone has seen this issue, please respond with > comments!! > > We have an ISA Server running very well but every 16 or so minutes the > clients (on the internal side of the ISA server) are disconnected from > their external VPN's. > > It is 16 or so minutes after VPN connection not all at the same time. I > have tried to disable the QOS on the external side. I have very few errors > in the logs. The errors I have are; > > 1. On boot I get a "<I>IntraArrayAddress</I> defined on this server is not > in > the Local Address Table". However we only have one ISA server running in > intgrated mode. > > 2. I get a "Cannot read configuration" from time to time in the alert > section. > > The server has publishing rules (eg OWA, some servers etc) and they all > work fine. > > From the ISA Server A VPN session does not drop. > > > If anyone has an idea what is causing this issue, please comment. > > Note. I configured the VPN's with the wizards. I have tried to do > everything by the rules. > > Thanks & HELP!! > > > We have an ISA Server running very well but every 16 or so minutes the > > clients (on the internal side of the ISA server) are disconnected from > > their external VPN's. > > > > It is 16 or so minutes after VPN connection not all at the same time. I > > have tried to disable the QOS on the external side. I have very few errors > > in the logs. The errors I have are; > > > > 1. On boot I get a "<I>IntraArrayAddress</I> defined on this server is > not in > > the Local Address Table". However we only have one ISA server running in > > intgrated mode. > > > > 2. I get a "Cannot read configuration" from time to time in the alert > > section. > > > > The server has publishing rules (eg OWA, some servers etc) and they all > > work fine. > > > > From the ISA Server A VPN session does not drop. > > > > I purchased the book but the lists seem to be riddled with PGP near the > > answer to issues. > > > > If anyone has an idea what is causing this issue, please comment. > > > > Note. I configured the VPN's with the wizards. I have tried to do > > everything by the rules. > > > > Thanks.. > > > > > Was there ever a response to this issue? > > > > > > Peter@xxxxxxxxxxxxxxxxx > > > > > > > > > > > > > This is a multi-part message in MIME format. > > > > > > > > ------=_NextPart_000_060C_01C16927.1499A860 > > > > Content-Type: text/plain; > > > > charset="iso-8859-1" > > > > Content-Transfer-Encoding: quoted-printable > > > > > > > > RE: [isalist] Re: VPN Timeoutsdiito here: > > > > > > > > My internal win98 snat clients connecting to external VPN server times > = > > > > out after approx 20mins > > > > ----- Original Message -----=20 > > > > From: Jeff_Bevans@xxxxxxxxxxx=20 > > > > To: [ISAserver.org Discussion List]=20 > > > > Sent: Friday, November 09, 2001 10:22 AM > > > > Subject: [isalist] Re: VPN Timeouts > > > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > > > I have the problem as well, but for clients connecting into the vpn > = > > > > server. If I click on redial it authenticates right away. > > > > > > > > Jeff Bevans=20 > > > > > > > > -----Original Message-----=20 > > > > From: Thor@xxxxxxxxxxxxxxx [mailto:Thor@xxxxxxxxxxxxxxx]=20 > > > > Sent: November 9, 2001 10:17 AM=20 > > > > To: [ISAserver.org Discussion List]=20 > > > > Subject: [isalist] Re: VPN Timeouts=20 > > > > > > > > > > > > > > > > http://www.ISAserver.org=20 > > > > > > > > > > > > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE-----=20 > > > > Hash: SHA1=20 > > > > > > > > > > > > > > > > I noticed! I'm just having similar problems with one site, and I > was=20 > > > > waiting for Jim to tell us how to fix it!!!=20 > > > > > > > > At 12:13 PM 11/9/2001 -0600, you wrote:=20 > > > > >http://www.ISAserver.org=20 > > > > >=20 > > > > >I asked this question yesterday, but no one noticed.=20 > > > > >=20 > > > > >On two separate ISA servers I am getting VPN Timeouts. It > connects, = > > > > sits=20 > > > > >at verifying username & password, then times out saying no > response.=20 > > > > >=20 > > > > >What might I have missed ?=20 > > > > >=20 > > > > >TIA=20 > > > > >=20 > > > > >Paul Nuernberger=20 > > > > >Manager=20 > > > > >BARON Computers, Inc.=20 > > > > >=20 > > > > >------------------------------------------------------=20 > > > > >You are currently subscribed to this ISAserver.org Discussion List > = > > > > as:=20 > > > > >thor@xxxxxxxxxxxxxxx=20 > > > > >To unsubscribe send a blank email to = > > > > $subst('Email.Unsub')=20 > > > > > > > > -----BEGIN PGP SIGNATURE-----=20 > > > > Version: PGP 7.1=20 > > > > > > > > iQA/AwUBO+wdg4hsmyD15h5gEQKb1QCgr1WL6vRz+3AC/V7TadkuBoUcLNwAniJp=20 > > > > /BvGwYJ7FcQ0iJUMbCsZ78vh=20 > > > > =3D/9MD=20 > > > > -----END PGP SIGNATURE-----=20 > > > > > > > > ------------------------------------------------------=20 > > > > You are currently subscribed to this ISAserver.org Discussion List > as: = > > > > jeff_bevans@xxxxxxxxxxx=20 > > > > To unsubscribe send a blank email to = > > > > $subst('Email.Unsub')=20 > > > > > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion List > as: = > > > > jim@xxxxxxxxxxxxxxxxxx > > > > To unsubscribe send a blank email to = > > > > $subst('Email.Unsub')=20 > > > > > > > > ------=_NextPart_000_060C_01C16927.1499A860 > > > > Content-Type: text/html; > > > > charset="iso-8859-1" > > > > Content-Transfer-Encoding: quoted-printable > > > > > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > > > > <HTML><HEAD><TITLE>RE: [isalist] Re: VPN Timeouts</TITLE> > > > > <META http-equiv=3DContent-Type content=3D"text/html; = > > > > charset=3Diso-8859-1"> > > > > <META content=3D"MSHTML 5.50.4807.2300" name=3DGENERATOR> > > > > <STYLE></STYLE> > > > > </HEAD> > > > > <BODY bgColor=3D#ffffff>http://www.ISAserver.org<BR> > <BR> > > > > > > <DIV><FONT face=3DArial size=3D2>diito here:</FONT></DIV> > > > > <DIV> </DIV> > > > > <DIV><FONT face=3DArial size=3D2>My internal win98 snat clients = > > > > connecting to=20 > > > > external VPN server times out after approx 20mins</FONT></DIV> > > > > <BLOCKQUOTE=20 > > > > style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; = > > > > BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> > > > > <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV> > > > > <DIV=20 > > > > style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: = > > > > black"><B>From:</B>=20 > > > > <A title=3DJeff_Bevans@xxxxxxxxxxx=20 > > > > href=3D"mailto:Jeff_Bevans@xxxxxxxxxxx";>Jeff_Bevans@xxxxxxxxxxx</A> > = > > > > </DIV> > > > > <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A = > > > > title=3Disalist@xxxxxxxxxxxxx=20 > > > > href=3D"mailto:isalist@xxxxxxxxxxxxx";>[ISAserver.org Discussion = > > > > List]</A> </DIV> > > > > <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Friday, November 09, > 2001 = > > > > 10:22=20 > > > > AM</DIV> > > > > <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> [isalist] Re: VPN = > > > > Timeouts</DIV> > > > > <DIV><BR></DIV><A=20 > > > > = > > > > > href=3D"http://www.ISAserver.org";>http://www.ISAserver.org</A><BR><BR><!-= > > > > - Converted from text/plain format --> > > > > <P><FONT size=3D2>I have the problem as well, but for clients = > > > > connecting into=20 > > > > the vpn server. If I click on redial it authenticates right=20 > > > > away.</FONT></P> > > > > <P><FONT size=3D2>Jeff Bevans</FONT> </P> > > > > <P><FONT size=3D2>-----Original Message-----</FONT> <BR><FONT = > > > > size=3D2>From: <A=20 > > > > href=3D"mailto:Thor@xxxxxxxxxxxxxxx";>Thor@xxxxxxxxxxxxxxx</A> [<A=20 > > > > = > > > > > href=3D"mailto:Thor@xxxxxxxxxxxxxxx";>mailto:Thor@xxxxxxxxxxxxxxx</A>]</FO= > > > > NT>=20 > > > > <BR><FONT size=3D2>Sent: November 9, 2001 10:17 AM</FONT> <BR><FONT > = > > > > size=3D2>To:=20 > > > > [ISAserver.org Discussion List]</FONT> <BR><FONT size=3D2>Subject: = > > > > [isalist] Re:=20 > > > > VPN Timeouts</FONT> </P><BR> > > > > <P><FONT size=3D2><A=20 > > > > > href=3D"http://www.ISAserver.org";>http://www.ISAserver.org</A></FONT>=20 > > > > </P><BR><BR> > > > > <P><FONT size=3D2>-----BEGIN PGP SIGNED MESSAGE-----</FONT> > <BR><FONT=20 > > > > size=3D2>Hash: SHA1</FONT> </P><BR> > > > > <P><FONT size=3D2>I noticed! I'm just having similar problems > = > > > > with one=20 > > > > site, and I was </FONT><BR><FONT size=3D2>waiting for Jim to tell us > = > > > > how to fix=20 > > > > it!!!</FONT> </P> > > > > <P><FONT size=3D2>At 12:13 PM 11/9/2001 -0600, you wrote:</FONT> = > > > > <BR><FONT=20 > > > > size=3D2>><A=20 > > > > > href=3D"http://www.ISAserver.org";>http://www.ISAserver.org</A></FONT> = > > > > <BR><FONT=20 > > > > size=3D2>></FONT> <BR><FONT size=3D2>>I asked this question = > > > > yesterday, but=20 > > > > no one noticed.</FONT> <BR><FONT size=3D2>></FONT> <BR><FONT = > > > > size=3D2>>On=20 > > > > two separate ISA servers I am getting VPN Timeouts. It > connects, = > > > > sits=20 > > > > </FONT><BR><FONT size=3D2>>at verifying username & password, > = > > > > then times=20 > > > > out saying no response.</FONT> <BR><FONT size=3D2>></FONT> = > > > > <BR><FONT=20 > > > > size=3D2>>What might I have missed ?</FONT> <BR><FONT = > > > > size=3D2>></FONT>=20 > > > > <BR><FONT size=3D2>>TIA</FONT> <BR><FONT size=3D2>></FONT> = > > > > <BR><FONT=20 > > > > size=3D2>>Paul Nuernberger</FONT> <BR><FONT = > > > > size=3D2>>Manager</FONT>=20 > > > > <BR><FONT size=3D2>>BARON Computers, Inc.</FONT> <BR><FONT = > > > > size=3D2>></FONT>=20 > > > > <BR><FONT=20 > > > > = > > > > > size=3D2>>------------------------------------------------------</FONT= > > > > >=20 > > > > <BR><FONT size=3D2>>You are currently subscribed to this = > > > > ISAserver.org=20 > > > > Discussion List as: </FONT><BR><FONT = > > > > size=3D2>>thor@xxxxxxxxxxxxxxx</FONT>=20 > > > > <BR><FONT size=3D2>>To unsubscribe send a blank email to=20 > > > > $subst('Email.Unsub')</FONT> </P> > > > > <P><FONT size=3D2>-----BEGIN PGP SIGNATURE-----</FONT> <BR><FONT = > > > > size=3D2>Version:=20 > > > > PGP 7.1</FONT> </P> > > > > <P><FONT=20 > > > > = > > > > > size=3D2>iQA/AwUBO+wdg4hsmyD15h5gEQKb1QCgr1WL6vRz+3AC/V7TadkuBoUcLNwAniJp= > > > > </FONT>=20 > > > > <BR><FONT size=3D2>/BvGwYJ7FcQ0iJUMbCsZ78vh</FONT> <BR><FONT = > > > > size=3D2>=3D/9MD</FONT>=20 > > > > <BR><FONT size=3D2>-----END PGP SIGNATURE-----</FONT> </P> > > > > <P><FONT = > > > > > size=3D2>------------------------------------------------------</FONT>=20 > > > > <BR><FONT size=3D2>You are currently subscribed to this > ISAserver.org = > > > > Discussion=20 > > > > List as: jeff_bevans@xxxxxxxxxxx</FONT> <BR><FONT size=3D2>To = > > > > unsubscribe send a=20 > > > > blank email to $subst('Email.Unsub')</FONT>=20 > > > > </P>------------------------------------------------------<BR>You > are=20 > > > > currently subscribed to this ISAserver.org Discussion List as:=20 > > > > jim@xxxxxxxxxxxxxxxxxx<BR>To unsubscribe send a blank email to=20 > > > > $subst('Email.Unsub') </BLOCKQUOTE> > ------------------------------------------------------<BR> > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx<BR> > To unsubscribe send a blank email to $subst('Email.Unsub') > </BODY></HTML> > > > > > > > > ------=_NextPart_000_060C_01C16927.1499A860--