Remote Desktop Problems via Ipsec VPN to terminal server

Posted on 2007-04-01
Medium Priority
Last Modified: 2013-11-21
To whom it may concern,

We are experiencing problems with one of our clients networks. We have three Netcomm NB5580 setup at three different sites. Site B & C are connected via IPSEC VPN to Site A. Site A has a Win2k terminal server installed on the local netowrk. User's at Site B & C use RDP to connect via the VPN to the Terminal Server. This has been working with out problems for over a year.

Last week, user's starting complaining that they could no longer connect to the terminal server. First of all I checked the VPN status in the Site A router. Both VPN connections seemed connected. I then tried restarting all routers and re-establishing the VPN's. This had no effect. The strange thing is that all ping tests work from each site vice versa. The only thing that doesn't work is RDP.

I then tested the RDP in the local network at Site A. RDP from a workstation to the Terminal server worked fine.

I then tried forward port 3398 to the terminal server and making Site B & C connect to the public IP address. Bypassing the VPN. That worked fine.

It's only when the RDP has to connect via the Hardware VPN does it fail to work.

At the moment I have Site B & C connecting dial-up PPTP VPN's to the Windows Server and then connecting RDP.

Are there any known problems with RDP over IPSEC VPN?
Question by:netcruza
  • 2
LVL 78

Accepted Solution

Rob Williams earned 2000 total points
ID: 18834093
>>"Are there any known problems with RDP over IPSEC VPN?"
None that I know of, but it's possible the TS site has a slightly degraded or changed Internet connection, that may require lowering the MTU (Maximum Transmission Unit ) value. To high an MTU value can cause problems with RDP and file transfers. I would try lowing on the router at the TS site and on the TS itself. On the TS, the easiest way to do it is using the DrTCP tool  http://www.dslreports.com/drtcp  The default is 1500, but I would try 1300 and if there is an improvement, try gradually increasing.

Author Comment

ID: 18834118
Ok thanks RobWill. Will give that go.

There's something I didn't mention. The TS site (Site A) has a different ISP then Site B & C. I'm wondering if one of the ISP's is blocking ipsec packets.

I have also tried swapping Site A's router to a D-link DSL-G804V. Re-established the Ipsec VPN's and still the same result.
LVL 78

Expert Comment

by:Rob Williams
ID: 18834164
A few ISP's do block IPSec, however you say you can ping the remote site so I would assume that is not the case.
The reason I assume the problem might be the TS site, is neither B or C can connect.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question