Wyse Thin Client - 831 - Cable Modem - VPN 3030 Problem?

Discussion in 'Cisco' started by TechGuy, Apr 30, 2005.

  1. TechGuy

    TechGuy Guest

    I have one of the most perplexing problems I have run across in a long
    time. I am trying to rollout some Wyse thin clients to some home users,
    using an 831 router connected to a cable internet service with a IPSEC
    VPN connection back to 3030 concentrator.

    Every 60 minutes the ipsec tunnel goes down between the 831 and the
    3030. First I thought it was a keep alive issue since it was so
    consistent in happening every 60 mins. I adjusted just about any values
    I could find on the 3030 that mentioned 3600 seconds to something
    greater to see if that changed anything in order to narrow down the
    problem.

    Nothing I did on the concentrator seemed to affect the outcome of the
    tunnel and this problem.

    I then looked at the router and found nothing that stood out that would
    affect the tunnel going down every 60 mins.

    I finally opened a TAC issues this past friday and was told to try
    these commands on the 831:

    crypto isakmp keepalives 10
    crypto isakmp invalid-spi-recovery

    Did that and still no change. Tunnel goes down every 60 mins.

    Late friday I had to move stuff around in my test environment and took
    the WYSE thin client off the 831. So I was left with the 831 router
    with a ipsec vpn tunnel back to my 3030 via a cable internet service. I
    also had a 7940 ip phone connected and working on the 831 but no WYSE
    thin client.

    This morning I noticed the vpn tunnel had not gone down since removing
    the thin client from the router. I wondered if this was a fluke and
    immediately went into the office today and plugged the thin client back
    in to the 831. Sure enough 60 mins later the vpn tunnel went down. I
    then waited a few more hours and watched and sure enough just about
    every 60 mins on the dot the tunnel just goes down, eventually it comes
    back up in about 5 mins. I can make it come back up sooner if I logout
    the session on the 3030 concentrator.

    So, the problem seems to be directly related to having the thin client
    connected. If I dont plug the thin client into the 831 the tunnel stays
    up and I have no problems. I even have tested with the 7940 phone and
    all works fine as long as the thin client is not connected.

    And that is why I am here, I just dont get what could be going on. I
    mean its one thing if the thin clients session with the terminal server
    would time out every 60 mins (which it does not) but I dont see how the
    thin client can in any way affect the vpn tunnel resetting every 60
    mins.

    So then I say its got to be a router or concentrator issue. But I dont
    see how that can be given that the tunnel works and stays up as long as
    the thin client is not connected.

    By the way the thin client is using RDP and not ICA. I am going to test
    later if the same issue happens by using ICA on the thin client as
    opposed to RDP.

    I have done the same results on three different 831 routers, connected
    to three different cable and dsl providers.

    I am dying to resolve this issue or at least understand why its
    happening as I am suppose to be rolling out quite a few of these things
    to users that will soon start working from home.
     
    TechGuy, Apr 30, 2005
    #1
    1. Advertising

  2. TechGuy

    Dana Guest

    "TechGuy" <> wrote in message
    news:...
    > I have one of the most perplexing problems I have run across in a long
    > time. I am trying to rollout some Wyse thin clients to some home users,
    > using an 831 router connected to a cable internet service with a IPSEC
    > VPN connection back to 3030 concentrator.
    >
    > Every 60 minutes the ipsec tunnel goes down between the 831 and the
    > 3030. First I thought it was a keep alive issue since it was so
    > consistent in happening every 60 mins. I adjusted just about any values
    > I could find on the 3030 that mentioned 3600 seconds to something
    > greater to see if that changed anything in order to narrow down the
    > problem.
    >
    > Nothing I did on the concentrator seemed to affect the outcome of the
    > tunnel and this problem.
    >
    > I then looked at the router and found nothing that stood out that would
    > affect the tunnel going down every 60 mins.
    >
    > I finally opened a TAC issues this past friday and was told to try
    > these commands on the 831:
    >
    > crypto isakmp keepalives 10
    > crypto isakmp invalid-spi-recovery
    >
    > Did that and still no change. Tunnel goes down every 60 mins.
    >
    > Late friday I had to move stuff around in my test environment and took
    > the WYSE thin client off the 831. So I was left with the 831 router
    > with a ipsec vpn tunnel back to my 3030 via a cable internet service. I
    > also had a 7940 ip phone connected and working on the 831 but no WYSE
    > thin client.
    >
    > This morning I noticed the vpn tunnel had not gone down since removing
    > the thin client from the router. I wondered if this was a fluke and
    > immediately went into the office today and plugged the thin client back
    > in to the 831. Sure enough 60 mins later the vpn tunnel went down. I
    > then waited a few more hours and watched and sure enough just about
    > every 60 mins on the dot the tunnel just goes down, eventually it comes
    > back up in about 5 mins. I can make it come back up sooner if I logout
    > the session on the 3030 concentrator.
    >
    > So, the problem seems to be directly related to having the thin client
    > connected. If I dont plug the thin client into the 831 the tunnel stays
    > up and I have no problems. I even have tested with the 7940 phone and
    > all works fine as long as the thin client is not connected.
    >
    > And that is why I am here, I just dont get what could be going on. I
    > mean its one thing if the thin clients session with the terminal server
    > would time out every 60 mins (which it does not) but I dont see how the
    > thin client can in any way affect the vpn tunnel resetting every 60
    > mins.
    >
    > So then I say its got to be a router or concentrator issue. But I dont
    > see how that can be given that the tunnel works and stays up as long as
    > the thin client is not connected.
    >
    > By the way the thin client is using RDP and not ICA. I am going to test
    > later if the same issue happens by using ICA on the thin client as
    > opposed to RDP.
    >
    > I have done the same results on three different 831 routers, connected
    > to three different cable and dsl providers.
    >
    > I am dying to resolve this issue or at least understand why its
    > happening as I am suppose to be rolling out quite a few of these things
    > to users that will soon start working from home.
    >


    What model Wyse thin client and OS are you using?
     
    Dana, Apr 30, 2005
    #2
    1. Advertising

  3. TechGuy

    Dana Guest

    "TechGuy" <> wrote in message
    news:...
    > I have one of the most perplexing problems I have run across in a long
    > time. I am trying to rollout some Wyse thin clients to some home users,
    > using an 831 router connected to a cable internet service with a IPSEC
    > VPN connection back to 3030 concentrator.
    >
    > Every 60 minutes the ipsec tunnel goes down between the 831 and the
    > 3030. First I thought it was a keep alive issue since it was so
    > consistent in happening every 60 mins. I adjusted just about any values
    > I could find on the 3030 that mentioned 3600 seconds to something
    > greater to see if that changed anything in order to narrow down the
    > problem.
    >
    > Nothing I did on the concentrator seemed to affect the outcome of the
    > tunnel and this problem.
    >
    > I then looked at the router and found nothing that stood out that would
    > affect the tunnel going down every 60 mins.
    >
    > I finally opened a TAC issues this past friday and was told to try
    > these commands on the 831:
    >
    > crypto isakmp keepalives 10
    > crypto isakmp invalid-spi-recovery
    >
    > Did that and still no change. Tunnel goes down every 60 mins.
    >
    > Late friday I had to move stuff around in my test environment and took
    > the WYSE thin client off the 831. So I was left with the 831 router
    > with a ipsec vpn tunnel back to my 3030 via a cable internet service. I
    > also had a 7940 ip phone connected and working on the 831 but no WYSE
    > thin client.
    >
    > This morning I noticed the vpn tunnel had not gone down since removing
    > the thin client from the router. I wondered if this was a fluke and
    > immediately went into the office today and plugged the thin client back
    > in to the 831. Sure enough 60 mins later the vpn tunnel went down. I
    > then waited a few more hours and watched and sure enough just about
    > every 60 mins on the dot the tunnel just goes down, eventually it comes
    > back up in about 5 mins. I can make it come back up sooner if I logout
    > the session on the 3030 concentrator.
    >
    > So, the problem seems to be directly related to having the thin client
    > connected. If I dont plug the thin client into the 831 the tunnel stays
    > up and I have no problems. I even have tested with the 7940 phone and
    > all works fine as long as the thin client is not connected.
    >
    > And that is why I am here, I just dont get what could be going on. I
    > mean its one thing if the thin clients session with the terminal server
    > would time out every 60 mins (which it does not) but I dont see how the
    > thin client can in any way affect the vpn tunnel resetting every 60
    > mins.
    >
    > So then I say its got to be a router or concentrator issue. But I dont
    > see how that can be given that the tunnel works and stays up as long as
    > the thin client is not connected.
    >
    > By the way the thin client is using RDP and not ICA. I am going to test
    > later if the same issue happens by using ICA on the thin client as
    > opposed to RDP.
    >
    > I have done the same results on three different 831 routers, connected
    > to three different cable and dsl providers.
    >
    > I am dying to resolve this issue or at least understand why its
    > happening as I am suppose to be rolling out quite a few of these things
    > to users that will soon start working from home.


    Do you have device check in enabled on the Wyse client
    >
     
    Dana, Apr 30, 2005
    #3
  4. In article <>,
    TechGuy <> wrote:
    :using an 831 router connected to a cable internet service with a IPSEC
    :VPN connection back to 3030 concentrator.


    :This morning I noticed the vpn tunnel had not gone down since removing
    :the thin client from the router.

    :By the way the thin client is using RDP and not ICA.

    That might be a clue. It would be interesting to turn on
    any rdp and SIP related debugs and see if anything interesting
    crops up.

    Is it possible that the 831 is rebooting at the times you note?
    --
    Ceci, ce n'est pas une idée.
     
    Walter Roberson, Apr 30, 2005
    #4
  5. TechGuy

    TechGuy Guest

    Dana,

    I am unsure at the moment about the model of the wyse as well as what
    this "device check" you mentioned. Monday when I am in the office I
    will confirm and get back with that info. Can you explain the "device
    check" you mentioned?
     
    TechGuy, May 1, 2005
    #5
  6. TechGuy

    TechGuy Guest

    I know the 831 is not rebooting, I had been consoled in to it and
    watched while running debugs on crypto ipsec and crypto isakmp. It is
    just the VPN tunnel that goes down. I can ping the outside internet
    interface of 831 from the concentrator the whole time, but the inside
    interface which needs the VPN to be up in order to ping is unreachable
    because the VPN session goes down.

    First thing monday I am going to change the thin client to use ICA and
    see what happens. My hope is that things will work with ICA, it will
    not however make this issue clear to me as I cannot understand how or
    why the thin client is affecting the ipsec tunnel especially in such a
    timely and consistent way.
     
    TechGuy, May 1, 2005
    #6
  7. TechGuy

    Dana Guest

    "TechGuy" <> wrote in message
    news:...
    > Dana,
    >
    > I am unsure at the moment about the model of the wyse as well as what
    > this "device check" you mentioned. Monday when I am in the office I
    > will confirm and get back with that info. Can you explain the "device
    > check" you mentioned?


    It is part of the Rapport Management system from Wyse.
    It has the clients periodically check in with the management system. The
    default is every hour. I wonder if this is enabled if this is what is
    causing your hourly tunnel fault.

    http://www.wyse.com/serviceandsupport/support/documentindex.htm


    WyseT Rapport® Version 4.4

    >
     
    Dana, May 1, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jimmyzshack
    Replies:
    1
    Views:
    565
    Claude LeFort
    Nov 19, 2003
  2. Joe Shmoe

    VPN Client 4.0.3(f) to VPN 3030

    Joe Shmoe, Apr 14, 2004, in forum: Cisco
    Replies:
    15
    Views:
    13,152
    News Account
    Apr 16, 2004
  3. RasnCain
    Replies:
    0
    Views:
    510
    RasnCain
    Feb 28, 2005
  4. DavidK
    Replies:
    1
    Views:
    560
    John C. Ring, Jr.
    Mar 8, 2005
  5. Replies:
    0
    Views:
    890
Loading...

Share This Page