Solved

Remote Desktop does not work over VPN

Posted on 2006-10-19
8
12,940 Views
Last Modified: 2013-11-21
Hi,

We have a partner that needs to remote desktop into one of our servers but for some reason it's not working. I think his company's network is blocking him from accessing our network via RDP.

We are currently using the SonicWall Global VPN Client and the SonicWall SSL web-based VPN, but neither is working. When he connects using the web-based one, he's able to access the files on our file server, but when he tries to launch an RDP session it just hangs there. As for the SonicWall Global VPN Client, he is not able to successfully connect using that VPN. Can someone tell me if RDP uses a different port when connecting via a web-based VPN such as the SonicWall SSL VPN? And can someone explain why the SonicWall Global VPN is not working at all inside his network? Is there a way to give him RDP access via the SonicWall SSL VPN?

Thanks in advance for your help!!
0
Comment
Question by:hiephop
8 Comments
 
LVL 7

Expert Comment

by:knightrider2k2
ID: 17769621
RDP will always use port 3389. Check if there is a firewall policy in the SonicWall VPN.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17769811
By default with the Sonicwall VPN all ports are open, unless someone has manually created rules to block specific services. However, one thought: if the Windows Firewall, or similar, is enabled on the server, you may need to edit the exceptions. When you enable Remote Desktop/Terminal Services, the Windows Firewall automatically creates a rule allowing access by the local LAN. Connections from outside the local network have to be manually allowed. To do so go to: Control Panel | Windows Firewall | Exceptions | highlight Remote Desktop and choose Edit | highlight TCP/IP 3389 and choose Change Scope | add an additional subnet or choose "any computer (including those on the Internet)"

Also, if using Server 2000, filtering may be enabled under advanced TCP/IP properties.
0
 

Author Comment

by:hiephop
ID: 17770433
I understand that RDP will always use port 3389 but I guess my question is for the partner's network. I know everything is working properly on ours because we've tested on several external sites and they all seem to work perfectly. My guess is that his network is blocking port 3389 from accessing the internet because he's able to terminal service into his internal servers just fine.

Another weird thing is that I've tried to duplicate the scenario by blocking all ports from accessing the internet at a remote site except for HTTP and HTTPS (80 & 443), and tried using the SonicWall SSL VPN to connect to my network and then terminal service into one of my servers. This works fine at our remote test site. So I don't know what is blocking the access at his end.
0
 
LVL 2

Assisted Solution

by:abissa
abissa earned 75 total points
ID: 17772181
I have had this issue many times with Remote Desktop (or a Citrix client), which seems to be very sensitive to packet fragmentation. Try to find the maximal value of the MTU (Maximal Transmission Unit) by using the ping command from the remote client to your server with the "-f" (do not fragment packet) and the "-l" (send buffer size) parameters until you get through with the maximum size, which should be between 1200 and 1464. You can then add 28 (ping packet overhead) to the result you find, which will give you the right value. Using a utility called "Dr. TCP" (http://www.dslreports.com/drtcp) you can change the MTU size to the value you've found. Don't forget to reboot in order to enable the parameter change.

Hope this helps...

Jan
0
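The ping-based MTU search described in the answer above, automated as a binary search in PowerShell. This is an added example, not part of the original post; `10.0.0.10` is a placeholder for the server's address as reached through the VPN, and the function names are hypothetical.

```powershell
function Test-DfPing {
    param([string]$Target, [int]$Size)
    # -n 1: one echo, -f: set Don't Fragment, -l: payload size, -w: timeout (ms)
    $out = & ping.exe -n 1 -f -l $Size -w 2000 $Target 2>&1 | Out-String
    # Only a genuine echo reply line carries "TTL="; a packet that is too
    # large produces a "needs to be fragmented" message or a timeout instead.
    return ($out -match 'TTL=')
}

function Find-PathMtu {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int]$Low  = 1200,   # lower bound of the range given in the answer
        [int]$High = 1464,   # upper bound of the range given in the answer
        # Probe is injectable so the search can be exercised without a network.
        [scriptblock]$Probe = { param($t, $s) Test-DfPing -Target $t -Size $s }
    )
    $ceiling = $High
    if (-not (& $Probe $Target $Low)) {
        throw "No reply at $Low bytes: host unreachable, ICMP filtered, or MTU below the range."
    }
    # Invariant: a payload of $Low bytes gets through; anything above $High does not.
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (& $Probe $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    [pscustomobject]@{
        Target       = $Target
        MaxPayload   = $Low
        Mtu          = $Low + 28              # 20-byte IP header + 8-byte ICMP header
        AtUpperBound = ($Low -eq $ceiling)    # true: rerun with a larger -High
    }
}

# Placeholder address; run from the remote client with the VPN connected.
Find-PathMtu -Target '10.0.0.10'
```

If the first probe throws, ICMP may simply be filtered on the path, in which case this method cannot measure the MTU and says nothing about RDP itself.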
 
LVL 77

Accepted Solution

by:
Rob Williams earned 75 total points
ID: 17773060
Can you telnet out from the problematic site to port 3389 on a working site? Might confirm your thoughts.
0
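A scripted equivalent of the telnet test suggested above, for clients where telnet is not installed. This is an added example, not part of the original answer; `rdp.example.com` is a placeholder host and `Test-TcpPort` is a hypothetical helper name.

```powershell
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int]$Port = 3389,          # RDP port discussed in this thread
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($Target, $Port)
        # Wait() throws if the connect attempt faulted; treat that as "finished".
        try { $finished = $task.Wait($TimeoutMs) } catch { $finished = $true }

        if (-not $finished) {
            # No SYN-ACK and no RST: packets are being dropped silently,
            # which is what a filtering firewall on the path typically does.
            $state = 'Timeout'
        }
        elseif ($task.IsFaulted) {
            $inner = $task.Exception.InnerException
            if ($inner -is [System.Net.Sockets.SocketException]) {
                # ConnectionRefused means something answered with a reset,
                # so the path exists but nothing accepts on that port.
                $state = [string]$inner.SocketErrorCode
            } else {
                $state = $inner.GetType().Name
            }
        }
        else {
            # TCP handshake completed: the port is reachable from this site.
            $state = 'Open'
        }
    }
    finally {
        $client.Close()
    }
    [pscustomobject]@{ Target = $Target; Port = $Port; State = $state }
}

# Placeholder host: run from the partner's site against a known-working RDP host.
Test-TcpPort -Target 'rdp.example.com' -Port 3389
```

`Open` against a known-working site while the partner's own RDP session still hangs points away from a simple outbound block on 3389; `Timeout` is consistent with the blocking theory in the question.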
 
LVL 8

Expert Comment

by:nitadmin
ID: 17778840
Most likely your Sonicwall Firewall or SonicWall SSL VPN appliance is not correctly configured, or both devices could be misconfigured.

Also if your remote user is connecting to Sonicwall SSL VPN appliance using his/her web browser, she/he needs to download and install either ActiveX or Java Applet for Remote Desktop.

Cheers,
NITADMIN
0
 

Expert Comment

by:mnatkin
ID: 25367730
I had the same problem with a Sonicwall 3060 Pro. Under the advanced configuration for the VPN policy, uncheck "apply NAT and firewall rules to VPN". This solved our problems with remote desktop and VPN.

Matt
Natco Terminal Support
0
