Remote Desktop Problems via Ipsec VPN to terminal server

To whom it may concern,

We are experiencing problems with one of our clients networks. We have three Netcomm NB5580 setup at three different sites. Site B & C are connected via IPSEC VPN to Site A. Site A has a Win2k terminal server installed on the local netowrk. User's at Site B & C use RDP to connect via the VPN to the Terminal Server. This has been working with out problems for over a year.

Last week, user's starting complaining that they could no longer connect to the terminal server. First of all I checked the VPN status in the Site A router. Both VPN connections seemed connected. I then tried restarting all routers and re-establishing the VPN's. This had no effect. The strange thing is that all ping tests work from each site vice versa. The only thing that doesn't work is RDP.

I then tested the RDP in the local network at Site A. RDP from a workstation to the Terminal server worked fine.

I then tried forward port 3398 to the terminal server and making Site B & C connect to the public IP address. Bypassing the VPN. That worked fine.

It's only when the RDP has to connect via the Hardware VPN does it fail to work.

At the moment I have Site B & C connecting dial-up PPTP VPN's to the Windows Server and then connecting RDP.

Are there any known problems with RDP over IPSEC VPN?
netcruzaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
>>"Are there any known problems with RDP over IPSEC VPN?"
None that I know of, but it's possible the TS site has a slightly degraded or changed Internet connection, that may require lowering the MTU (Maximum Transmission Unit ) value. To high an MTU value can cause problems with RDP and file transfers. I would try lowing on the router at the TS site and on the TS itself. On the TS, the easiest way to do it is using the DrTCP tool  http://www.dslreports.com/drtcp  The default is 1500, but I would try 1300 and if there is an improvement, try gradually increasing.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
netcruzaAuthor Commented:
Ok thanks RobWill. Will give that go.

There's something I didn't mention. The TS site (Site A) has a different ISP then Site B & C. I'm wondering if one of the ISP's is blocking ipsec packets.

I have also tried swapping Site A's router to a D-link DSL-G804V. Re-established the Ipsec VPN's and still the same result.
0
Rob WilliamsCommented:
A few ISP's do block IPSec, however you say you can ping the remote site so I would assume that is not the case.
The reason I assume the problem might be the TS site, is neither B or C can connect.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.