Solved

Remote Desktop does not work over VPN

Posted on 2006-10-19
Last Modified: 2013-11-21
Hi,

We have a partner that needs to remote desktop into one of our servers but for some reason it's not working. I think his company's network is blocking him from accessing our network via RDP.

We are currently using sonicwall global vpn client and sonicwall ssl web based vpn but neither are working. When he connects using the web-based one, he's able to access the files on our file server but when he tries to launch an RDP session it just hangs there. As for the sonicwall global vpn client, he is not able to successfully connect using that vpn. Can someone tell me if rdp uses a different port when connecting via a web based vpn such as the sonicwall ssl vpn? And can someone explain why sonicwall global vpn is not working at all inside his network? Is there a way to give him RDP access via the sonicwall ssl vpn?

Thanks in advance for your help!!
0
Question by:hiephop
8 Comments
 
LVL 7

Expert Comment

by:knightrider2k2
ID: 17769621
RDP will always use port 3389. Check if there is a firewall policy in sonicwall vpn.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17769811
By default with the Sonicwall VPN all ports are open, unless someone has manually created rules to block specific services. However, one thought; if the Windows Firewall, or similar, is enabled on the server, you may need to edit the exceptions. When you enable remote desktop/terminal services the Windows firewall automatically creates a rule allowing access by the local LAN. Connections from outside the local network have to be manually allowed. To do so go to: control panel | windows firewall | exceptions | highlight remote desktop and choose edit | highlight TCP/IP 3389 and choose change scope | add an additional subnet or choose "any computer (including those on the Internet)"

Also if using server 2000 filtering may be enabled under advanced TCP/IP properties.
0
 

Author Comment

by:hiephop
ID: 17770433
I understand that RDP will always use port 3389 but I guess my question is for the partner's network. I know everything is working properly on ours because we've tested on several external sites and they all seem to work perfectly. My guess is that his network is blocking port 3389 from accessing the internet because he's able to terminal service into his internal servers just fine.

Another weird thing is that I've tried to duplicate the scenario by blocking all ports from accessing the internet at a remote site except for http and https (80 & 443) and tried using the sonicwall ssl vpn to connect to my network and then terminal service into one of my servers. This works fine at our remote test site. So I don't know what is blocking the access at his end.
0
 
LVL 2

Assisted Solution

by:abissa
abissa earned 75 total points
ID: 17772181
I have had this issue many times with Remote Desktop (or a Citrix client) which seem to be very sensitive to packet fragmentation. Try to find the maximal value of the MTU (Maximal Transmission Unit) by using the ping command from the remote client to your server with the "-f" (do not fragment packet) and the "-l" (send buffer size) parameters until you get through with the maximum size which should be between 1200 and 1464. You can then add 28 (ping packet overhead) to the result you find which will give you the right value. Using a utility called "Dr. TCP" (http://www.dslreports.com/drtcp) you can change the MTU size to the value you've found. Don't forget to reboot in order to enable the parameter change.

Hope this helps...

Jan
0
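The MTU probe described in the answer above, automated as an added example (not part of the original post). It assumes the Windows `ping` flags `-n`, `-w`, `-f` and `-l` and that a successful echo reply line contains `TTL=`; the function names, the 1472-byte upper bound (1500 minus 28) and the sample outputs are constructed for illustration.

```python
import subprocess
import sys

ICMP_IP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header

# Constructed sample outputs of Windows ping, used to show what is parsed.
SAMPLE_REPLY = "Reply from 10.0.0.5: bytes=1372 time=23ms TTL=127"
SAMPLE_DF_SET = "Packet needs to be fragmented but DF set."

def reply_ok(ping_output):
    """True only for a real echo reply; DF errors and timeouts carry no TTL=."""
    return "TTL=" in ping_output

def ping_df(host, size):
    """Send one ping with Don't Fragment set (-f) and a payload of `size` bytes (-l)."""
    result = subprocess.run(
        ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(size), host],
        capture_output=True, text=True,
    )
    return reply_ok(result.stdout)

def largest_unfragmented(probe, low=1200, high=1472):
    """Binary-search the largest payload for which probe(size) succeeds.

    Returns None when even the smallest size fails, which points at
    blocked ICMP or an unreachable host rather than an MTU problem.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2   # round up so the loop always shrinks
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low

def path_mtu(probe, low=1200, high=1472):
    """Largest passing payload plus the 28 bytes of ping overhead."""
    payload = largest_unfragmented(probe, low, high)
    return None if payload is None else payload + ICMP_IP_OVERHEAD

if __name__ == "__main__":
    host = sys.argv[1]            # server address reachable through the VPN
    mtu = path_mtu(lambda size: ping_df(host, size))
    print("no reply even at 1200 bytes" if mtu is None else f"path MTU: {mtu}")
```

Run it from the remote client while the VPN is connected; a result well below 1500 is the tunnel overhead the answer refers to.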
 
LVL 77

Accepted Solution

by:
Rob Williams earned 75 total points
ID: 17773060
Can you telnet out from the problematic site to port 3389 on a working site? Might confirm your thoughts.
0
 
LVL 8

Expert Comment

by:nitadmin
ID: 17778840
Most likely your Sonicwall Firewall or SonicWall SSL VPN appliance is not correctly configured, or both devices could be misconfigured.

Also if your remote user is connecting to Sonicwall SSL VPN appliance using his/her web browser, she/he needs to download and install either ActiveX or Java Applet for Remote Desktop.

Cheers,
NITADMIN
0
 

Expert Comment

by:mnatkin
ID: 25367730
I had the same problem with a Sonicwall 3060 Pro. Under the advanced configuration for the VPN policy, uncheck "apply NAT and firewall rules to VPN". This solved our problems with remote desktop and VPN.

Matt
Natco Terminal Support
0
