Connecting through IPSec tunnel NATted to terminal server can't complete a connection but almost...

Posted on 2005-05-04
Last Modified: 2012-06-27
Connecting using remote desktop from a Windows 2003 workstation to a Cisco 1711, then NATted through an IPSec tunnel, to a terminal server at the other end. I can almost connect: I see the terminal server (Windows 2003) login window, but it freezes up at that point every time.

Trace shows the destination is being reached. Connection is very fast. Tried connecting from three different workstations and the same thing happens every time.

Tunnel test on the Cisco is successful.

MSS is 1452

Any suggestions on what to check?
Question by: AnimatorOne

    Accepted Solution

    I doubt this is a router issue; I have had this problem before as well. The problem I had was that roaming profiles were on, and I connected to remote desktop and logged in with a freshly created user which didn't have a profile. It froze up every time, until I logged in locally and then logged in remotely.

    Maybe this can help!

    Author Comment

    That's a good suggestion! I had that happen once too. I did log in locally for this user though. I even tried connecting with the Administrator account. No luck. Looked in the event viewer and nothing.

    I'm thinking it may be a PIX thing on the destination. Traffic is obviously being NATted and routed correctly to the destination because I get to the terminal server login. But I'm starting to think that the PIX on the destination side doesn't know how to route the source network IPs.

    Expert Comment


    So...can you ping through the tunnel to the remote server?

    What happens when you ping with different packet sizes? What happens when you try using 1500 byte packets? 1450 byte?

    That you get a login page on the host, but post-login, it dies, would make me think that routing is fine, but that it's when the data really starts to flow that you run into problems...i.e. large packets.

    c:\>ping -l 1500 <term server>

    Another thing to try is whether you have problems connecting to other term servers or other services across the tunnel. MTU issues would probably affect more remote services than just the terminal server. Have you seen any other connectivity issues like this? Is it only across the tunnel that you have this problem? Or do users who are at the remote site have the same problems? Sorry for the barrage of questions. Just trying to help filter out other possible issues :)


    Author Comment

    You were right, it was not a problem with the router. It was the firewall in front of the router.
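
    The packet-size test suggested in the expert comment, carried further as an added example (not part of the original thread): it binary-searches the largest ping payload that crosses the path with Don't Fragment set, then checks whether the MSS of 1452 from the question fits. The 1438-byte path MTU is a constructed value, `simulated_path` and the other function names are hypothetical, and `windows_df_ping` assumes the Windows `ping` options `-f` (set DF) and `-l` (payload size).

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header
IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def windows_df_ping(host, payload):
    """Send one echo with Don't Fragment set; True only if a reply came back."""
    out = subprocess.run(
        ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(payload), host],
        capture_output=True, text=True).stdout
    return "TTL=" in out  # only a genuine echo-reply line carries a TTL


def largest_df_payload(probe, lo=0, hi=1472):
    """Binary-search the largest payload that probe() passes unfragmented.

    Returns None when even the smallest probe fails (host down or ICMP
    filtered), which is a different fault from an MTU problem."""
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def check_mss(probe, configured_mss):
    """Compare a configured TCP MSS with what the measured path can carry."""
    payload = largest_df_payload(probe)
    if payload is None:
        return None
    path_mtu = payload + IP_ICMP_OVERHEAD
    max_mss = path_mtu - IP_TCP_OVERHEAD
    return {"path_mtu": path_mtu, "max_mss": max_mss,
            "mss_fits": configured_mss <= max_mss}


def simulated_path(path_mtu):
    """Constructed stand-in for a tunnel that drops oversized DF packets."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    # Constructed path MTU of 1438; on a real Windows host use instead:
    #   check_mss(lambda n: windows_df_ping("<term server>", n), 1452)
    print(check_mss(simulated_path(1438), configured_mss=1452))
```

    A result of `None` means no probe size got a reply at all, so the fault lies in reachability or ICMP filtering rather than in packet size.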
