• Status: Solved

Connecting through IPSec tunnel NATted to terminal server can't complete a connection but almost...

Connecting using remote desktop from a Windows 2003 workstation to a Cisco 1711, then NATted through an IPSec tunnel, to a terminal server at the other end. I can almost connect: I see the terminal server (Windows 2003) login window, but it freezes up at that point every time.

Trace shows the destination is being reached. Connection is very fast. Tried connecting from three different workstations and the same thing happens every time.

Tunnel test on the Cisco is successful.

mss is 1452

Any suggestions on what to check?
1 Solution
I doubt this is a router issue; I have had this problem before as well. The problem I had was that roaming profiles were on, and I connected to remote desktop and logged in with a freshly created user that didn't have a profile. It froze up every time until I logged in locally and then logged in remotely.

Maybe this can help!
AnimatorOneAuthor Commented:
That's a good suggestion! I had that happen once too. I did log in locally for this user though. I even tried connecting with the Administrator account. No luck. Looked in the event viewer and nothing.

I'm thinking it may be a PIX thing on the destination. Traffic is obviously being NATted and routed correctly to the destination because I get to the terminal server login. But I'm starting to think that the PIX on the destination side doesn't know how to route the source network IPs.

So...can you ping through the tunnel to the remote server?

What happens when you ping with different packet sizes? What happens when you try using 1500 byte packets? 1450 byte?

That you get a login page on the host, but post-login, it dies, would make me think that routing is fine, but that it's when the data really starts to flow that you run into problems...i.e. large packets.

c:\>ping -l 1500 <term server>

Another thing to check is whether you have problems connecting to other term servers or other services across the tunnel. MTU issues would probably affect more remote services than just the terminal server. Have you seen any other connectivity issues like this? Is it only across the tunnel that you have this problem? Or do users that are at the remote site have the same problems? Sorry for the barrage of questions. Just trying to help filter out other possible issues :)
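The packet-size test suggested above can be automated. The following is an added example, not part of the original thread: it binary-searches the largest ICMP payload that passes with Don't Fragment set, then checks whether the MSS of 1452 from the question fits the measured path. The 1400-byte simulated path is constructed, and `windows_ping_probe` assumes the Windows `ping` flags `-f`, `-l`, `-n` and `-w`.

```python
import subprocess

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header
TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def windows_ping_probe(host):
    """Build probe(size) -> bool that sends one DF-marked echo with Windows ping."""
    def probe(size):
        # -f: Don't Fragment, -l: payload bytes, -n 1: one echo, -w: timeout in ms
        out = subprocess.run(
            ["ping", "-f", "-l", str(size), "-n", "1", "-w", "2000", host],
            capture_output=True, text=True)
        # An echo reply line carries "TTL="; "needs to be fragmented" does not.
        return "TTL=" in out.stdout
    return probe


def largest_passing_payload(probe, low=0, high=1472):
    """Largest payload in [low, high] that passes, or None if even `low` fails.
    Assumes every size below the path limit passes and every size above fails."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def assess(payload, configured_mss):
    """Turn the measured payload into a path MTU and check the configured MSS."""
    path_mtu = payload + ICMP_OVERHEAD
    max_mss = path_mtu - TCP_OVERHEAD
    return {"path_mtu": path_mtu, "max_mss": max_mss,
            "mss_too_large": configured_mss > max_mss}


if __name__ == "__main__":
    # Constructed stand-in for a tunnel whose path MTU is 1400 bytes.
    simulated = lambda size: size + ICMP_OVERHEAD <= 1400
    payload = largest_passing_payload(simulated)
    print(payload, assess(payload, configured_mss=1452))
    # On a real Windows host: largest_passing_payload(windows_ping_probe("<term server>"))
```

If the search returns `None`, the host is not answering echo requests at all, which points to filtering or routing rather than packet size.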

AnimatorOneAuthor Commented:
You were right, it was not a problem with the router. It was the firewall in front of the router.
Question has a verified solution.
