Forums before death by AOL, social media and spammers... "We can't have nice things"
|    comp.dcom.vpn    |    VPN protocols, clients, awesomeness    |    2,349 messages    |
|    Message 1,790 of 2,349    |
|    Mike Drechsler - SPAM PROTECTED EMA to Vince    |
|    Re: 3-site VPN implementation w/Terminal    |
|    19 Oct 05 21:43:29    |
XPost: microsoft.public.windows.terminal_services
From: mike-newsgroup@-DELETETHISPART-.upcraft.com

Vince wrote:
> Well Mike, I thought I was OK, but I'm still having trouble.
>
> I re-created the tunnels between the 2 problem endpoints (Sites A and
> B), and things seemed to work nicely. Phase 2 re-negotiations took
> only a handful of attempts. For the past 5 days or so, the tunnels
> have been stable, with the phase 2's renegotiating successfully as
> scheduled (every 4 hours.) Then just this morning, I ran into the same
> problem again with the A-B tunnel, with phase 2 failing repeatedly
> (endless "Phase 2 complete" messages) for several hours. I rebooted
> the router at Site B and the tunnels re-established after about 90
> seconds. Connections and IP traffic between sites A and B have been
> fine for the past 3 hours; hopefully the next phase 2 re-negotiation
> won't barf.
>
> I'm at my wits' end with this. The tunnels out of Site C have been
> rock-solid since inception. The A-B tunnel settings at Sites A and B
> are identical (and different from the A-C and B-C settings). I have
> done a 'show config' dump and checked everything line by line.
> Furthermore, the IKE and Connection Profile settings for the A-B tunnel
> match the A-C and B-C settings (though unique from the other 2 tunnels
> in name, IKE Profile, and password).
>
> Netopia online chat help would not offer any VPN configuration
> assistance; they referred me to their fee-based production support
> offerings (consistent with their website's advertised support policy
> regarding VPN's).
>
> The only common issue I can think of at this point is that Sites A and
> B both have an ISP connection requiring PPPOE underlying encapsulation
> even though they have fixed IP addresses. Site C (the oldest) for some
> reason, even though under the same provider (SBC), does not utilize
> PPPOE at all.
>
> Any thoughts?
>

PPPoE doesn't exist around here. Every provider where I live is either
DHCP or manual hardcoded IP. If there is a problem with the PPPoE side
of things I would have never seen it because of this.

You could try playing around with any available MTU settings if PPPoE is
involved.

Though it doesn't seem likely that there is a network problem if these
sites can communicate with the other router without problems, you
should check the network between the two sites. Do ping tests with large
packet sizes and the do not fragment bit set. Do these tests while
transferring increasing amounts of data back and forth and see how it
behaves.

If these 2 sites do not communicate with each other frequently or
require high bandwidth you could route all traffic through your "site C"
location.

You could consider paying Netopia for their VPN setup service and if
they find a bug in the router firmware you get a refund. Ask them if
they will refund the money if they fail to get a reliable connection.
It's not like they charge an excessive amount for the service. (Less
than a typical consultant visit)

On the extreme end of things you could configure a test network. There
are ways of using Linux to create your very own PPPoE server and make a
test to determine if it's the routers or the network causing the problem.

--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)

--- SoupGate-Win32 v1.05
 * Origin: you cannot sedate... all the things you hate (1:229/2)
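
The ping test suggested in the reply above, as an added example that is not part of the original post: a binary search for the largest ICMP payload that crosses the path with the do-not-fragment bit set, plus a loss counter to repeat at a fixed size while the tunnel is carrying traffic. It assumes Linux iputils `ping` (`-M do` sets DF); the function names are illustrative and the host is whatever address you pass in.

```shell
#!/bin/sh
# Added example. Assumes Linux iputils ping: -M do = set DF, -s = payload bytes.

# probe SIZE HOST: true if one DF-set echo with SIZE payload bytes is answered.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]: largest payload that passes unfragmented.
# HIGH defaults to 1472 (1500-byte Ethernet MTU minus 20 IP and 8 ICMP bytes).
find_max_payload() {
    host=$1; lo=${2:-0}; hi=${3:-1472}
    probe "$lo" "$host" || { echo "unreachable"; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

# path_mtu HOST: payload plus IP (20) and ICMP (8) headers.
# A plain PPPoE link normally reports 1492 (8 bytes of PPPoE overhead).
path_mtu() {
    p=$(find_max_payload "$1") || return 1
    echo $((p + 28))
}

# count_losses HOST SIZE COUNT: unanswered probes out of COUNT at a fixed size.
# Run it during a bulk transfer to see whether large packets start dropping.
count_losses() {
    host=$1 size=$2 n=$3 lost=0
    while [ "$n" -gt 0 ]; do
        probe "$size" "$host" || lost=$((lost + 1))
        n=$((n - 1))
    done
    echo "$lost"
}

# Usage: sh pmtu.sh <remote-site-address>
if [ $# -gt 0 ]; then
    echo "path MTU to $1: $(path_mtu "$1")"
fi
```

If the MTU measured between Sites A and B is lower than what the routers are configured for, that points at the MTU settings mentioned in the reply.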
(c) 1994, bbs@darkrealms.ca