jlxl
just joined
Topic Author
Posts: 24
Joined: Fri Jun 01, 2007 7:25 pm

VPN's Behind MT Dropping

Thu Jul 30, 2009 4:04 pm

I had searched quite a few posts before posting here and did not really find a good answer as to what I can fix to correct this issue.

All MikroTik routers are RB532A models running OS 3.24 with OSPF routing enabled between remote subnets.

2 MikroTiks are connected to public IP addresses on the ether1 port and each has a NAT rule to allow users behind them to access the internet:
/ip firewall nat
chain=srcnat action=masquerade src-address=10.10.0.0/24 out-interface=ether1
No firewall filters are in place to block any kind of outgoing traffic, all traffic is allowed from behind the nat routers.

Problem is, we have auditors that come in every summer and they bring their laptops in with them. These Windows XP laptops all have a VPN connection that connects back to their home office. Not sure what the VPN client running is (not my laptops to look at) but it seems that some run PPTP while others are running something IPsec based. I see outgoing traffic to their home office IP address on port 1723 and protocol GRE for one laptop, then others have outgoing UDP connections on port 500 and 4500 (src and dst ports).

My issue is that their connections keep dropping after a random amount of time. Some connections drop after a few minutes, sometimes 30 minutes or more. But it keeps happening. I have seen other posts describing this but no real concrete answers. I have tested this behind a cheap Linksys router we had and they had no problems. Obviously I cannot throw a cheap Linksys in to replace my main MT router, so does anyone have any ideas as to what I can do to fix this?

Thanks,
 
sergejs
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: VPN's Behind MT Dropping

Thu Jul 30, 2009 4:37 pm

Please, check your firewall settings.

For NATted PPTP usually it is enough to have the following option enabled,
/ip firewall service-port print
...
 5   pptp
IPSec connections are more of a problem, as you have NAT on the router. IPSec nodes should have NAT-T support enabled to get IPSec traffic through NAT.
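One way to tell from a capture taken on the router's LAN side which of the cases in this reply each laptop falls into (PPTP, IPsec with NAT-T, or raw ESP), as an added example that is not part of the thread. The UDP/4500 framing follows RFC 3948; the host addresses, packet bytes and diagnosis strings are constructed for this example.

```python
from collections import Counter
TCP, UDP, GRE, ESP = 6, 17, 47, 50  # IP protocol numbers

def classify_udp4500(payload):  # RFC 3948 framing of a UDP/4500 payload
    if payload == b"\xff":
        return "keepalive"          # one-octet NAT-keepalive
    if payload[:4] == b"\x00\x00\x00\x00" and len(payload) > 4:
        return "ike"                # non-ESP marker, then the IKE header
    if len(payload) >= 8:
        return "esp"                # non-zero SPI + sequence number
    return "malformed"

def classify(proto, sport, dport, payload=b""):
    if proto == TCP and 1723 in (sport, dport):
        return "pptp-control"
    if proto in (GRE, ESP):
        return {GRE: "pptp-gre", ESP: "esp-raw"}[proto]
    if proto == UDP and 4500 in (sport, dport):
        return "natt-" + classify_udp4500(payload)
    if proto == UDP and 500 in (sport, dport):
        return "ike-500"
    return "other"

def summarize(packets):
    seen = {}  # source address -> Counter of traffic kinds
    for src, proto, sport, dport, payload in packets:
        seen.setdefault(src, Counter())[classify(proto, sport, dport, payload)] += 1
    return seen

def diagnose(kinds):
    # Heuristic labels chosen for this example, not RouterOS output.
    if kinds["esp-raw"]:
        return "raw ESP from behind NAT: NAT-T was not negotiated"
    if kinds["natt-esp"]:
        return "NAT-T with keepalives" if kinds["natt-keepalive"] else "NAT-T, no keepalives seen"
    if kinds["pptp-control"] or kinds["pptp-gre"]:
        return "PPTP: depends on the pptp service-port helper"
    return "no VPN traffic"

# Constructed sample packets: (src, proto, sport, dport, payload)
ESP_PKT = b"\x12\x34\x56\x78" + b"\x00\x00\x00\x01" + b"\x00" * 16
SAMPLE = [
    ("10.10.0.21", TCP, 1045, 1723, b""), ("10.10.0.21", GRE, 0, 0, b""),
    ("10.10.0.22", UDP, 500, 500, b""),
    ("10.10.0.22", UDP, 4500, 4500, b"\x00" * 4 + b"\x01" * 28),
    ("10.10.0.22", UDP, 4500, 4500, ESP_PKT),
    ("10.10.0.23", UDP, 4500, 4500, ESP_PKT), ("10.10.0.23", UDP, 4500, 4500, b"\xff"),
]
for host, kinds in summarize(SAMPLE).items():
    print(host, dict(kinds), "->", diagnose(kinds))
```

A host that shows ESP-in-UDP on port 4500 has already negotiated NAT-T; whether NAT-keepalives appear between data packets is the next thing to look at when sessions drop while idle.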
 
jlxl
just joined
Topic Author
Posts: 24
Joined: Fri Jun 01, 2007 7:25 pm

Re: VPN's Behind MT Dropping

Thu Jul 30, 2009 5:31 pm

Service port for PPTP is enabled. Should I specify a port for it? Or just leave it alone.
"IPSec nodes should have NAT-T support enabled to get through IPSec traffic over NAT."
I had seen somewhere that MT does not support NAT-T. Is there a way for me to add a different NAT rule for these specific clients to get this to work properly?
 
jlxl
just joined
Topic Author
Posts: 24
Joined: Fri Jun 01, 2007 7:25 pm

Re: VPN's Behind MT Dropping

Thu Jul 30, 2009 7:35 pm

These clients are able to work when they first get the connection going; it almost seems like the connection is dropped from possible inactivity? I have in my firewall rules allowed all incoming traffic from their remote office to our network, and traffic is passing through... but what the heck would cause these Windows-based L2TP VPN connections to work, then drop out?

The only things different from last year when these auditors were here would be:
A new version of RouterOS: last year would have been some version of 3.x though
They are behind another router (no NAT, no firewall) for subnetting purposes
Implemented OSPF routing on the network.

Any thoughts?