pyfagorus -> RE: RDP packets dropped with 0x80070008 error (NOT ENOUGH MEMORY) (20.Dec.2008 9:51:08 AM)
I have the same error with L2TP VPN. VPN connections are diconnected periodically with error:
result_code = 0x80070008 ERROR_NOT_ENOUGH_MEMORY;
protocol = IP IPsec NAT-T Client;
direction = vpn_clinet -> server.
Windows 2003 server SP2
ISA2006 Standart SP1
(First access rule)
I have standart VPN L2TP system access policy where IPsec NAT-T Client rule is:
port = UDP:4500;
direction = Send Recieve, from external to localhost.
(Second access rule)
And i have another access rule in Firewall Policy Rules:
port = UDP:1-65535;
direction = Send, from localhost to external.
This is last rule and maybe strange behavior ISA2006 are reason of my troubles.
Strange behavior becouse, first VPN L2TP rule should be processed before all firewall policy rules
as for sending IPsec NAT-T, as for recieving IPsec NAT-T.
However, the diagnostic log showed me that sending IPsec NAT-T packet processed by the first rule,
but recieving IPsec NAT-T processed by the second rule.
I think that ISA2006 dont destroy not finished send-recieve udp pair, and new udp packet from external
create a new record in memory for new pair. As result we have not enough memory.
I disable my second rule, and now LT2P VPN work fine.