Solved

Remote Desktop Problems via Ipsec VPN to terminal server

Posted on 2007-04-01
5
1,633 Views
Last Modified: 2013-11-21
To whom it may concern,

We are experiencing problems with one of our clients networks. We have three Netcomm NB5580 setup at three different sites. Site B & C are connected via IPSEC VPN to Site A. Site A has a Win2k terminal server installed on the local netowrk. User's at Site B & C use RDP to connect via the VPN to the Terminal Server. This has been working with out problems for over a year.

Last week, user's starting complaining that they could no longer connect to the terminal server. First of all I checked the VPN status in the Site A router. Both VPN connections seemed connected. I then tried restarting all routers and re-establishing the VPN's. This had no effect. The strange thing is that all ping tests work from each site vice versa. The only thing that doesn't work is RDP.

I then tested the RDP in the local network at Site A. RDP from a workstation to the Terminal server worked fine.

I then tried forward port 3398 to the terminal server and making Site B & C connect to the public IP address. Bypassing the VPN. That worked fine.

It's only when the RDP has to connect via the Hardware VPN does it fail to work.

At the moment I have Site B & C connecting dial-up PPTP VPN's to the Windows Server and then connecting RDP.

Are there any known problems with RDP over IPSEC VPN?
0
Comment
Question by:netcruza
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 18834093
>>"Are there any known problems with RDP over IPSEC VPN?"
None that I know of, but it's possible the TS site has a slightly degraded or changed Internet connection, that may require lowering the MTU (Maximum Transmission Unit ) value. To high an MTU value can cause problems with RDP and file transfers. I would try lowing on the router at the TS site and on the TS itself. On the TS, the easiest way to do it is using the DrTCP tool  http://www.dslreports.com/drtcp  The default is 1500, but I would try 1300 and if there is an improvement, try gradually increasing.
0
 

Author Comment

by:netcruza
ID: 18834118
Ok thanks RobWill. Will give that go.

There's something I didn't mention. The TS site (Site A) has a different ISP then Site B & C. I'm wondering if one of the ISP's is blocking ipsec packets.

I have also tried swapping Site A's router to a D-link DSL-G804V. Re-established the Ipsec VPN's and still the same result.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18834164
A few ISP's do block IPSec, however you say you can ping the remote site so I would assume that is not the case.
The reason I assume the problem might be the TS site, is neither B or C can connect.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question