Connecting through IPSec tunnel NATted to terminal server can't complete a connection but almost...

Posted on 2005-05-04
Medium Priority
Last Modified: 2012-06-27
Connecting using remote desktop from a Windows 2003 workstation to a Cisco 1711, then NATted through an IPSec tunnel, to a terminal server at the other end. I can almost connect, I see the terminal server (Windows 2003) login window but it freezes up at that point every time.

Trace shows the destination is being reached. Connection is very fast. Tried connecting from three different workstations and the same thing happens every time.

Tunnel test on the Cisco is successful.

mss is 1452

Any suggestions on what to check?
Question by: AnimatorOne

Accepted Solution

markgrinceri earned 1800 total points
ID: 13934426
I doubt this is a router issue; I have had this problem before as well. The problem I had was that roaming profiles were on and I connected to remote desktop and logged in with a freshly created user which didn't have a profile. It froze up every time, until I logged in locally and then logged in remotely.

Maybe this can help!

Author Comment

ID: 13935035
That's a good suggestion! I had that happen once too. I did log in locally for this user though. I even tried connecting with the Administrator account. No luck. Looked in the event viewer and nothing.

I'm thinking it may be a PIX thing on the destination. Traffic is obviously being NATted and routed correctly to the destination because I get to the terminal server login. But I'm starting to think that the PIX on the destination side doesn't know how to route the source network IPs.

Expert Comment

ID: 13938178

So...can you ping through the tunnel to the remote server?

What happens when you ping with different packet sizes? What happens when you try using 1500 byte packets? 1450 byte?

That you get a login page on the host, but post-login, it dies, would make me think that routing is fine, but that it's when the data really starts to flow that you run into problems...i.e. large packets.

c:\>ping -l 1500 <term server>

Another thing to try is to see if you have problems connecting to other term servers or other services across the tunnel. MTU issues would probably affect more remote services than just the terminal server. Have you seen any other connectivity issues like this? Is it only across the tunnel that you have this problem? Or do users that are at the remote site have the same problems? Sorry for the barrage of questions. Just trying to help filter out other possible issues :)
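
The packet-size test suggested in the comment above, automated as an added example (not posted by any participant in the thread): it sets the Don't Fragment bit, which the plain `ping -l` command does not, and binary-searches for the largest ICMP payload that still gets a reply. The `<term server>` placeholder, the 500 and 1472 byte bounds and the 2-second timeout are assumptions.

```powershell
# Added example: find the largest ICMP payload that crosses the path unfragmented.
# $Target is a placeholder; the bounds and timeout are assumptions, not values from the thread.
param(
    [string]$Target = '<term server>',
    [int]$Low  = 500,     # payload size assumed small enough to pass
    [int]$High = 1472     # 1500-byte Ethernet MTU minus 20 (IPv4 header) and 8 (ICMP header)
)

$ping = New-Object System.Net.NetworkInformation.Ping
# TTL 64, DontFragment = $true: oversize packets are rejected instead of being fragmented
$opts = New-Object System.Net.NetworkInformation.PingOptions(64, $true)

function Test-Payload([int]$Size) {
    $buf = New-Object byte[] $Size
    try {
        $reply = $ping.Send($Target, 2000, $buf, $opts)
        return $reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success
    } catch {
        # Name resolution failure or socket error counts as "did not pass"
        return $false
    }
}

# If even a small packet gets no reply, ICMP is probably filtered on the path
# and the size test says nothing about MTU.
if (-not (Test-Payload $Low)) {
    Write-Warning "No reply at $Low bytes; ICMP may be filtered, so the result is inconclusive."
    return
}

# Binary search between a size known to pass and the largest candidate size
$best = $Low
while ($Low -le $High) {
    $mid = [int][math]::Floor(($Low + $High) / 2)
    if (Test-Payload $mid) { $best = $mid; $Low = $mid + 1 }
    else                   { $High = $mid - 1 }
}

$pathMtu = $best + 28     # add back the IPv4 and ICMP headers
"Largest unfragmented payload: $best bytes (path MTU about $pathMtu)"
"Largest TCP MSS that fits:    $($pathMtu - 40) bytes"
```

If the MSS it reports is lower than the 1452 mentioned in the question, full-size TCP segments will not fit through the tunnel without fragmentation. A timeout on large sizes with no "packet too big" status suggests a device on the path is dropping the packets or the ICMP errors silently.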


Author Comment

ID: 14367184
You were right, it was not a problem with the router. It was the firewall in front of the router.
