  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 13433

Remote Desktop does not work over VPN

Hi,

We have a partner that needs to remote desktop into one of our servers but for some reason it's not working. I think his company's network is blocking him from accessing our network via RDP.

We are currently using sonicwall global vpn client and sonicwall ssl web based vpn but neither are working. When he connects using the web-based one, he's able to access the files on our file server, but when he tries to launch an RDP session it just hangs there. As for the sonicwall global vpn client, he is not able to successfully connect using that vpn. Can someone tell me if RDP uses a different port when connecting via a web-based vpn such as the sonicwall ssl vpn? And can someone explain why sonicwall global vpn is not working at all inside his network? Is there a way to give him RDP access via the sonicwall ssl vpn?

Thanks in advance for your help!!
0
hiephop
Asked:
hiephop
2 Solutions
 
knightrider2k2Commented:
RDP will always use port 3389. Check if there is a firewall policy in sonicwall vpn.
0
 
Rob WilliamsCommented:
By default with the Sonicwall VPN all ports are open, unless someone has manually created rules to block specific services. However, one thought: if the Windows Firewall, or similar, is enabled on the server, you may need to edit the exceptions. When you enable remote desktop/terminal services, the Windows firewall automatically creates a rule allowing access by the local LAN. Connections from outside the local network have to be manually allowed. To do so go to: control panel | windows firewall | exceptions | highlight remote desktop and choose edit | highlight TCP/IP 3389 and choose change scope | add an additional subnet or choose "any computer (including those on the Internet)"

Also, if using Server 2000, filtering may be enabled under advanced TCP/IP properties.
0
 
hiephopAuthor Commented:
I understand that RDP will always use port 3389 but I guess my question is for the partner's network. I know everything is working properly on ours because we've tested on several external sites and they all seem to work perfectly. My guess is that his network is blocking port 3389 from accessing the internet because he's able to terminal service into his internal servers just fine.

Another weird thing is that I've tried to duplicate the scenario by blocking all ports from accessing the internet at a remote site except for http and https (80 & 443) and tried using the sonicwall ssl vpn to connect to my network and then terminal service into one of my servers. This works fine at our remote test site. So I don't know what is blocking the access at his end.
0

 
abissaCommented:
I have had this issue many times with Remote Desktop (or a Citrix client), which seem to be very sensitive to packet fragmentation. Try to find the maximal value of the MTU (Maximal Transmission Unit) by using the ping command from the remote client to your server with the "-f" (do not fragment packet) and the "-l" (send buffer size) parameters until you get through with the maximum size, which should be between 1200 and 1464. You can then add 28 (ping packet overhead) to the result you find, which will give you the right value. Using a utility called "Dr. TCP" (http://www.dslreports.com/drtcp) you can change the MTU size to the value you've found. Don't forget to reboot in order to enable the parameter change.

Hope this helps...

Jan
0
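The MTU search described in the comment above, automated as an added example (not part of the original thread): a binary search over the `ping -f -l` payload size, plus the 28-byte overhead. The function names, the 1472-byte upper bound (1500 minus 28, the plain Ethernet ceiling) and the simulated link are assumptions made for this example.

```python
import subprocess
import sys

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header (the "28" in the comment)

def windows_ping_df(host, size):
    """True if one echo with Don't Fragment set and `size` payload bytes is answered."""
    out = subprocess.run(
        ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(size), host],
        capture_output=True, text=True,
    ).stdout
    # Windows ping prints "TTL=" only for a real echo reply, not for
    # "Packet needs to be fragmented but DF set" or a timeout.
    return "TTL=" in out

def max_unfragmented_payload(probe, lo=1200, hi=1472):
    """Largest payload in [lo, hi] that probe() accepts, or None if even lo fails."""
    if not probe(lo):
        return None  # path is broken or its MTU is below the search range
    while lo < hi:
        mid = (lo + hi + 1) // 2  # round up so the loop always makes progress
        if probe(mid):
            lo = mid       # mid fits: the limit is mid or higher
        else:
            hi = mid - 1   # mid was dropped: the limit is below mid
    return lo

def path_mtu(probe, lo=1200, hi=1472):
    """MTU value to configure: largest unfragmented payload plus ICMP/IP overhead."""
    payload = max_unfragmented_payload(probe, lo, hi)
    return None if payload is None else payload + ICMP_OVERHEAD

def simulated_path(mtu):
    """Constructed stand-in for a link: answers only if payload + 28 fits in `mtu`."""
    return lambda size: size + ICMP_OVERHEAD <= mtu

if __name__ == "__main__":
    if len(sys.argv) > 1:   # real run on the Windows client: script.py <server>
        host = sys.argv[1]
        print(path_mtu(lambda size: windows_ping_df(host, size)))
    else:                   # offline demo against a constructed 1400-byte path
        print(path_mtu(simulated_path(1400)))
```

A result of `None` means even the 1200-byte probe was not answered, which points at blocked ICMP or a dead path rather than a fragmentation limit.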
 
Rob WilliamsCommented:
Can you telnet out from the problematic site to port 3389 on a working site? Might confirm your thoughts.
0
 
nitadminCommented:
Most likely your Sonicwall Firewall or SonicWall SSL VPN appliance is not correctly configured, or both devices could be misconfigured.

Also if your remote user is connecting to Sonicwall SSL VPN appliance using his/her web browser, she/he needs to download and install either ActiveX or Java Applet for Remote Desktop.

Cheers,
NITADMIN
0
 
mnatkinCommented:
I had the same problem with a Sonicwall 3060 Pro. Under the advanced configuration for the VPN policy, uncheck "apply NAT and firewall rules to VPN". This solved our problems with remote desktop and VPN.

Matt
Natco Terminal Support
0
