?
Solved

Remote Desktop Problems via Ipsec VPN to terminal server

Posted on 2007-04-01
5
Medium Priority
?
1,636 Views
Last Modified: 2013-11-21
To whom it may concern,

We are experiencing problems with one of our clients networks. We have three Netcomm NB5580 setup at three different sites. Site B & C are connected via IPSEC VPN to Site A. Site A has a Win2k terminal server installed on the local netowrk. User's at Site B & C use RDP to connect via the VPN to the Terminal Server. This has been working with out problems for over a year.

Last week, user's starting complaining that they could no longer connect to the terminal server. First of all I checked the VPN status in the Site A router. Both VPN connections seemed connected. I then tried restarting all routers and re-establishing the VPN's. This had no effect. The strange thing is that all ping tests work from each site vice versa. The only thing that doesn't work is RDP.

I then tested the RDP in the local network at Site A. RDP from a workstation to the Terminal server worked fine.

I then tried forward port 3398 to the terminal server and making Site B & C connect to the public IP address. Bypassing the VPN. That worked fine.

It's only when the RDP has to connect via the Hardware VPN does it fail to work.

At the moment I have Site B & C connecting dial-up PPTP VPN's to the Windows Server and then connecting RDP.

Are there any known problems with RDP over IPSEC VPN?
0
Comment
Question by:netcruza
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 18834093
>>"Are there any known problems with RDP over IPSEC VPN?"
None that I know of, but it's possible the TS site has a slightly degraded or changed Internet connection, that may require lowering the MTU (Maximum Transmission Unit ) value. To high an MTU value can cause problems with RDP and file transfers. I would try lowing on the router at the TS site and on the TS itself. On the TS, the easiest way to do it is using the DrTCP tool  http://www.dslreports.com/drtcp  The default is 1500, but I would try 1300 and if there is an improvement, try gradually increasing.
0
 

Author Comment

by:netcruza
ID: 18834118
Ok thanks RobWill. Will give that go.

There's something I didn't mention. The TS site (Site A) has a different ISP then Site B & C. I'm wondering if one of the ISP's is blocking ipsec packets.

I have also tried swapping Site A's router to a D-link DSL-G804V. Re-established the Ipsec VPN's and still the same result.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18834164
A few ISP's do block IPSec, however you say you can ping the remote site so I would assume that is not the case.
The reason I assume the problem might be the TS site, is neither B or C can connect.
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question