Solved

Remote Desktop does not work over VPN

Posted on 2006-10-19
Last Modified: 2013-11-21
Hi,

We have a partner that needs to remote desktop into one of our servers but for some reason it's not working. I think his company's network is blocking him from accessing our network via RDP.

We are currently using sonicwall global vpn client and sonicwall ssl web based vpn but neither is working. When he connects using the web based one, he's able to access the files on our file server but when he tries to launch an RDP session it just hangs there. As for the sonicwall global vpn client, he is not able to successfully connect using that vpn. Can someone tell me if rdp uses a different port when connecting via a web based vpn such as the sonicwall ssl vpn? And can someone explain why sonicwall global vpn is not working at all inside his network? Is there a way to give him RDP access via the sonicwall ssl vpn?

Thanks in advance for your help!!
Question by:hiephop
8 Comments
 
LVL 7

Expert Comment

by:knightrider2k2
ID: 17769621
RDP will always use port 3389. Check if there is a firewall policy in sonicwall vpn.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17769811
By default with the Sonicwall VPN all ports are open, unless someone has manually created rules to block specific services. However, one thought; if the Windows Firewall, or similar, is enabled on the server, you may need to edit the exceptions. When you enable remote desktop/terminal services, the Windows firewall automatically creates a rule allowing access by the local LAN. Connections from outside the local network have to be manually allowed. To do so go to: control panel | windows firewall | exceptions | highlight remote desktop and choose edit | highlight TCP/IP 3389 and choose change scope | add an additional subnet or choose "any computer (including those on the Internet)"

Also, if using server 2000, filtering may be enabled under advanced TCP/IP properties.
0
 

Author Comment

by:hiephop
ID: 17770433
I understand that RDP will always use port 3389 but I guess my question is for the partner's network. I know everything is working properly on ours because we've tested on several external sites and they all seem to work perfectly. My guess is that his network is blocking port 3389 from accessing the internet because he's able to terminal service into his internal servers just fine.

Another weird thing is that I've tried to duplicate the scenario by blocking all ports from accessing the internet at a remote site except for http and https (80 & 443) and tried using the sonicwall ssl vpn to connect to my network and then terminal service into one of my servers. This works fine at our remote test site. So I don't know what is blocking the access at his end.
0

 
LVL 2

Assisted Solution

by:abissa
abissa earned 75 total points
ID: 17772181
I have had this issue many times with Remote Desktop (or a Citrix client), which seems to be very sensitive to packet fragmentation. Try to find the maximal value of the MTU (Maximal Transmission Unit) by using the ping command from the remote client to your server with the "-f" (do not fragment packet) and the "-l" (send buffer size) parameters until you get through with the maximum size, which should be between 1200 and 1464. You can then add 28 (ping packet overhead) to the result you find, which will give you the right value. Using a utility called "Dr. TCP" (http://www.dslreports.com/drtcp) you can change the MTU size to the value you've found. Don't forget to reboot in order to enable the parameter change.

Hope this helps...

Jan
0
 
LVL 77

Accepted Solution

by:Rob Williams
Rob Williams earned 75 total points
ID: 17773060
Can you telnet out from the problematic site to port 3389 on a working site? Might confirm your thoughts.
0
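
The two checks suggested in the answers above (a TCP connection test to port 3389 and the do-not-fragment ping search for the MTU), combined into one script as an added example that is not part of any poster's reply. The host name is a placeholder, and the 1472-byte upper bound is an assumption for a 1500-byte Ethernet MTU.

```powershell
param(
    [string]$Target = 'rdp-server.example.test',  # placeholder host, not from the thread
    [int]$Port = 3389,
    [int]$Low  = 1200,   # lower bound of the payload range given in the post
    [int]$High = 1472    # assumption: 1500-byte Ethernet MTU minus 28 header bytes
)

# Same question as "telnet host 3389": does a TCP connection complete?
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

# Equivalent of "ping -f -l <size>": one echo request with Don't Fragment set.
function Test-DfPing([string]$HostName, [int]$Size, [int]$TimeoutMs = 2000) {
    $ping   = New-Object System.Net.NetworkInformation.Ping
    $opts   = New-Object System.Net.NetworkInformation.PingOptions -ArgumentList 128, $true
    $buffer = New-Object byte[] $Size
    try {
        $reply = $ping.Send($HostName, $TimeoutMs, $buffer, $opts)
        return $reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success
    } catch { return $false } finally { $ping.Dispose() }
}

# Binary search for the largest payload that still gets through unfragmented.
function Find-MaxPayload([string]$HostName, [int]$Low, [int]$High) {
    if (-not (Test-DfPing $HostName $Low)) { return $null }  # even the smallest size fails
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (Test-DfPing $HostName $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low
}

if (-not (Test-TcpPort $Target $Port)) {
    Write-Output "TCP $Port to $Target did not connect: check port filtering first."
}
$payload = Find-MaxPayload $Target $Low $High
if ($null -eq $payload) {
    Write-Output "No reply to $Low-byte DF pings: ICMP is filtered or the path MTU is below $($Low + 28)."
} else {
    Write-Output "Largest unfragmented payload: $payload bytes, so MTU = $($payload + 28)."
}
```

A single lost echo reply counts as a failed size, so rerun the script on a lossy link before changing the MTU.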
 
LVL 8

Expert Comment

by:nitadmin
ID: 17778840
Most likely your Sonicwall Firewall or SonicWall SSL VPN appliance is not correctly configured, or both devices could be misconfigured.

Also if your remote user is connecting to Sonicwall SSL VPN appliance using his/her web browser, she/he needs to download and install either ActiveX or Java Applet for Remote Desktop.

Cheers,
NITADMIN
0
 

Expert Comment

by:mnatkin
ID: 25367730
I had the same problem with a Sonicwall 3060 pro. Under the advanced configuration for the VPN policy, uncheck "apply NAT and firewall rules to VPN". This solved our problems with remote desktop and VPN.

Matt
Natco Terminal Support
0
