Windows 10 client VPN dropping...

CarlosCoque
Here to help

Windows 10 client VPN dropping...

Hi everyone,

I'm having a very particular issue.

I have 2 firewalls connected to the same modem: a Meraki MX64 and another from a different brand.

About a month ago, some users complained that they could not complete the download of a 1.4GB file from one of our servers.

I haven't imagined that it could be a broader issue, so I asked them to restart their computers and try again.

Over time they'd eventually be able to download that file and stop reporting that issue.

A couple of days ago however I got that same issue with another user and decided to further investigate.

She wasn't able to download the file and would get an error after about 5 to 7 minutes of downloading the file, according to her.

I tried downloading the same file from my laptop and it did work fine.

On the following day though, when I was trying to develop a robocopy batch to help her out with the download process, the same issue started happening to me over and over.

I tried uninstalling all the security software on my laptop and it'd still drop the VPN connection during the file download.

I tried downloading other large files and would get interrupted in the same percentages for each file.

Then, I decided to try connecting to the VPN of the other firewall that is connected to the same LAN as the MX64.

Surprisingly, I got a similar issue.

I also tried checking the MX64 logs and Windows Application logs, but haven't found any clue.

Today I did some additional testing and tried downloading a 600Mb file 3 times.

All of them have failed at the same point (28% transferred, then the speed goes to 0, and a couple of minutes after the VPN connection to MX64 drops).

I suspect it can be something with Windows VPN configuration but I have to confess I'm pretty lost at the moment.

Did anyone had a similar issue before?

Thanks!

6 REPLIES 6
PhilipDAth
Kind of a big deal

Check the security centre to ensure you are not tripping some IPS signature that is killing the transfer.

 

You may be experiencing issues with asymmetric transfer times (especially if the user has an asymmetric Internet circuit, such as 100 down and 20 up).

Try doing the below to enable timestamps (ideally, this should be done on the server and client) to see if it helps:

netsh int tcp set global timestamps=enable 

 

If you don't mind spending a small amount of money, Cisco AnyConnect is may better than the Windows client VPN.  Perhaps you could give that a try:

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance 

CarlosCoque
Here to help

No luck.

I noticed that it usually happens at the same point of the file transfer (28% for some files, 47% for others).

What seems to be happening is that after some amount of data is transferred (or transfer time), the network adapter on the remote host where the client VPN is running simply stops working making the internet connection drop, and then it drops the VPN connection as well.

That's why I believe it's an issue with the remote client and not the MX.

After some time it gets back online.

I tried virtually everything already and it simply keeps happening with multiple laptops (not sure if all because most people don't transfer large files through the VPN link).

Here is a list of what I remember having tried:

- Uninstalling all security software

- Disabling Windows firewall

- Restarting internet modem

- Using a VPN from another firewall connected to the same modem as our main firewall

- Changing network profile (Public vs Private)

- Changing file type (exe vs dummy file)

- Changing MTU

- Changing from Wireless to Wired

- Copying using shared drives, RDP (copy from RDP and paste locally), RDP local drive configuration, and robocopy/

- Disabling "Allow the computer to turn off this device to save power" on the network adapter

and a few more...

Did anyone have anything similar?

Could you also try checking the home router firmware being used and ensure that is up to date?

 

I would try disabling IPS and AMP for a short time (under Security & SD-WAN/Threat Protection) to see if they are impacting anything.

 

 

CarlosCoque
Here to help

Hi @PhilipDAth, thanks again for another suggestion.

No luck again...

It still stops the transfer at the same point.

I also tried with the other firewall we have (non-Meraki) and had a similar issue.

That's the reason after some troubleshooting I believe it could be something not directly related to Meraki.

Since transfer speeds are around 1MB/s (very slow) I believe that it could be something related to a timeout.

It could also be a download file buffer or something similar that could be getting full.

I'm really intrigued with this issue...

PhilipDAth
Kind of a big deal

Does the MX at the office have a public IP on it,  or is it sitting behind something else doing NAT?

 

 

I would try Cisco AnyConnect ...

It has a public IP, however, the issue is happening with a SonicWall firewall behind the same modem and with a different public IP address.

That's why I believe the MX is not the issue.

We also use Meraki switches all over our network.

Do you think it could be something with those switches?

Like, maybe an MX security policy applied to the switches to protect the LAN?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels