exactitsolutions

CISCO VPN, Remote Desktop not working, New router installed!!!

Ok here is the deal, I will keep this as simple as possible.

We are using the Cisco VPN client (4.8.00) to connect to a server hosted in a datacenter. Once connected to the VPN client, we use RDP to connect to the server.

This works fine from everywhere and for everyone except for ONE location. This ONE location just had a new router installed (3com 5012), the CISCO VPN client connects but the remote desktop will not connect. Just get the usual time out.

So in my mind this obviously points to the router, as everything is fine from everywhere else and was at that location UNTIL this router was replaced.

What needs to be enabled on that router to make this work????

Thanks in advance.
cocoged

I would make sure that TCP port 3389 is open on the router
exactitsolutions

ASKER

It's open, I can connect anywhere else in the network.

Forgot to mention I can't even ping the target server (server I want to remote desktop to) when connected via the CISCO VPN client.
Rob Williams

Is there a chance that your Cisco VPN (host site) is configured with Access Control Lists allowing connections only from specific public IPs and/or subnets? Has changing the router changed either of those, the public IP or more likely local LAN subnet, at the client site?
Or, if the local LAN subnet at the client site has changed, make sure it has not become the same subnet as the host site. VPNs must have different subnets at either end, or you will experience issues as you have described, a connection, but no communication.
Does this new router support IPSEC Passthrough? Some routers have it as an option that is disabled by default. Some have it enabled by default. Is the VPN end device (PIX, VPN3000) set up to allow nat-traversal?
Check for any firmware upgrades for your router.
Hi,
Can you ping that 3com router from the VPN client?
If not, check the 3com routing table. It should have a route to reach the server and one back to the VPN client (you may just be missing a static route).
I hope that helps
ASKER CERTIFIED SOLUTION
mark_seymour

This solution is only available to members.
You might want to upgrade your VPN client (5.x is out). Also make sure that Windows Firewall is not running on the client. In the Cisco client there is a setting that will allow detailed logging. I have seen several cases where the Cisco client looks like it is connected, but no data passes. In some it was what was mentioned above with the subnets being the same on both sides. That can be overcome by not enabling split tunnel for the VPN profile. I have also seen it when the client has a software firewall running on the client workstation. Lastly I have also seen it when the devices between the client and the VPN termination device are performing NAT and they do not support IPSEC passthru. In that case you may (or may not) be able to make it work with config changes on the equipment. I do not know much about 3com, so I cannot offer any ideas there.

good luck
Thank you all for the responses.

It seems mark_seymour hit it on the head.

Both are on the same subnets, so now I know why... But how can I fix it? Static route?
Or possibly as stated: "Or, if the local LAN subnet at the client site has changed, make sure it has not become the same subnet as the host site. VPNs must have different subnets at either end, or you will experience issues as you have described, a connection, but no communication."
Can't change the subnet at either site unfortunately, is there any possible way around this?
And yes, have the connection, but zero communication...
SOLUTION
This solution is only available to members.
If changing the subnet is totally out of the question on both sites then you may want to try a software alternative. We had one such situation in the past and used a product called "LogMeIn Hamachi". This created a virtual VPN between two PCs (I believe it can be used to create gateways between the networks too). Since the software gives you a virtual (non-routable) IP, it works fine regardless of the machines' normal IPs and isn't too costly. This proved to be a lot simpler config-wise.
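
The same-subnet condition that this thread converges on (tunnel up, no traffic) can be confirmed from the addressing alone. The script below is an added example and not part of any poster's reply; the function names are hypothetical and every address in it is a constructed sample value.

```python
import ipaddress


def _net(cidr):
    # strict=False accepts an interface address such as 192.168.1.57/24,
    # which is the form ipconfig/ifconfig output usually gives you.
    return ipaddress.ip_network(cidr, strict=False)


def overlapping_pairs(local_nets, remote_nets):
    """Return (local, remote) network pairs that share any addresses."""
    pairs = []
    for local in map(_net, local_nets):
        for remote in map(_net, remote_nets):
            if local.overlaps(remote):
                pairs.append((str(local), str(remote)))
    return pairs


def diagnose(target, local_nets, remote_nets):
    """Classify a host-site address as seen from the VPN client's LAN."""
    ip = ipaddress.ip_address(target)
    in_local = any(ip in _net(n) for n in local_nets)
    in_remote = any(ip in _net(n) for n in remote_nets)
    if in_local and in_remote:
        # The address is valid on both sides, so the client can treat it
        # as on-link and never send the packet into the tunnel.
        return "ambiguous"
    if in_remote:
        return "tunnel"
    if in_local:
        return "local"
    return "unrouted"


if __name__ == "__main__":
    # Constructed sample data: client LAN behind the new router, and the
    # networks reachable at the host site through the VPN.
    client_lan = ["192.168.1.57/24"]
    host_site = ["192.168.1.0/24", "10.20.0.0/16"]
    for local, remote in overlapping_pairs(client_lan, host_site):
        print(f"conflict: client {local} overlaps host site {remote}")
    for server in ("192.168.1.10", "10.20.3.4"):
        print(server, "->", diagnose(server, client_lan, host_site))
```

A target reported as `ambiguous` matches the symptom described in the thread: the VPN client shows a connection, but ping and RDP to that address time out.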