stlbridge

RDP over VPN disconnects constantly. RDP without VPN works fine.
VPN - Sonicwall TZ170
Terminal Server - Windows Server 2003 or User's Specific Workstation (Windows XP)
Host Connection - Full T1
Client Connection - Cable, DSL, or Cell Card (PCMCIA or USB)

I have adjusted many options such as MTU, Fragmented Packets, and several other suggested settings which may cause the timeout.

The users simply time out regardless of how the VPN is configured (to this point).  If I bypass the VPN and directly connect to the TS, I have no issues.

The type of connection seems to be irrelevant.  Regardless of my connection (T1) or theirs (Cable, DSL, or Cell Card), the VPN still disconnects constantly.  If the user connects without the VPN, the connection stays with no interruptions.

I have looked at what seems to be over 100 different forums covering this problem.  Many seem to point to the ISP, but I don't believe this is the case being my TS sessions do not disconnect when connected *without* VPN.

Another suggestion is the MTU settings along with adjusting Fragmented Packet settings.  I have made adjustments as many forums and sites have suggested.  This still does not help!

As you may or may not know, Sonicwall's customer support is atrocious, and is quite painful to deal with.  I would love to get someone's input on the issue ASAP.

Extra info:  No Citrix used nor configured as I have never used Citrix nor invested any time to learning its capabilities.

Many thanks in advance, and I appreciate you taking the time to read this.  Take care.

Dawilliams

When they do connect, how long is it staying connected for, and is it the same amount each time? Are they using a client or just the Microsoft PPTP settings? Do they have other VPN client software installed on their PC? Cisco and Sonicwall don't play well. There still could be an issue with your ISP and the VPN. Let's rule out RDP completely: have the user connect and do a constant ping to an internal machine to see if the VPN stays connected.

stlbridge (ASKER)

Users say up for 30 seconds to 2-5 minutes at a time.  We're using the Sonicwall VPN client.  No other software is installed as this is our only VPN.  VPN stays connected with a constant ping.  There are a few random dropped packets, but not enough to be remotely concerned with being the ping is being done from a cell card.

It's definitely an issue with the transmission of the RDP packet through the VPN. Check the logs on the firewall when the user connects and then gets disconnected.

stlbridge (ASKER)

Nothing is identified in the log.  I just had someone ping from remote site.  They have no drops and they are on DSL.

Can you check to see what the connection timeout is on both sides?

stlbridge (ASKER)

I'm not getting any timeouts.  If we're talking about the RDP, nothing is showing up in Event Viewer.  VPN seems to remain established.

stlbridge (ASKER)

By the way, thank you very much for taking time to help me with this seemingly juvenile question.

No problem. Correct me if I'm wrong, but RDP on its own is OK, VPN on its own is OK, and when you RDP through the VPN it disconnects.
If this is the case, then there could be a timeout issue with the VPN, which is usually 8 hours.
Or just the MTU size could be throwing off the VPN also.
I would check the firewall and find the session timeout. There is also a timeout on the client; if they're not both 8 hours, make them 8 to start. Also, there will be an inactivity timeout for the VPN, which is on the firewall. This should be set to 30 minutes or so.
To get the optimal MTU size, ping a machine in your network from the client like this:
ping Server1 -f -l 1472
If the result indicates the packet needs to be fragmented, lower the size by 10 until it doesn't, then increase by ones until you get the largest size.

stlbridge (ASKER)

Rather than configuring all of this and fine tuning my firewall so my RDP won't disconnect over VPN, would you also suggest getting a better firewall, or is this common?  Honestly, I don't have the time to sit and tweak this MTU setting.  Sounds like a very tedious process, and it may or may not provide the results I am seeking.  If so, what would you recommend as a replacement for the Sonicwall TZ 170?

Although I'm not a fan of Sonicwall, it is a decent SOHO device, and these types of issues could come up with any device. How many internal devices do you have, and what sort of throughput do you need? Also, how many outside users would need VPN access? I think the 170 can only provide 10 licenses; in any case, licensing is important. I would always recommend a Cisco device: a PIX 501 or, since it's end of life, an ASA 5505.

stlbridge (ASKER)

Well, honestly the only reason for the VPN is for the RDP.  I guess that may lead to my next question which is very loaded, and if it is necessary, I may post this separate.  Is VPN really all that necessary for RDP anymore?  

Remote Desktop Protocol provides data encryption, but it does not provide authentication to verify the identity of a terminal server. In Windows Server 2003 Service Pack 1, you can enhance the security of Terminal Server by configuring Terminal Services connections to use Transport Layer Security (TLS) for server authentication, and to encrypt terminal server communications. RDP is encrypted to the highest level the client can support, usually 128-bit for XP. If I were the responsible person for a network, I would not leave my data solely up to Microsoft.
More on the subject
http://technet.microsoft.com/en-us/library/cc782610.aspx

stlbridge (ASKER)

Do you think there may be other alternatives than VPN?  It seems that VPN does more than I really need.  I really think that I've wandered off the path, and I may need to post a new question.

Perhaps an endpoint device that provides an SSL VPN connection, keeping the entire process web based, but again, without specific numbers I can only suggest a type of device, not anything specific.

Is this a new process or was this working before?

stlbridge (ASKER)

Well, it would be an odd situation, but remotely likely that 5 users would VPN in at one single time.  Now, I would like to be able to upscale this number should it ever be necessary.

Internally, we have approx. 100-125 devices.

stlbridge (ASKER)

It has always been shoddy.  The person I replaced had set it up but it was only 75% functional.  <- Number is totally illustrative and not from statistical data.

Honestly, I feel that my Sonicwall is a bird's nest in my fishing reel.  I'd like to put on some new line, you know?

That's relatively a small number. An ASA 5505 would prove nice and still scale with the SSL VPN option; I think this would work well. But if the Sonicwall was working, I'm more inclined to work on that a bit more before I replaced it.

stlbridge (ASKER)

The big question... how do you revamp a firewall without potentially knocking the network off the grid?  Naturally, I'd assume grave shift.

ASKER CERTIFIED SOLUTION
Dawilliams

stlbridge (ASKER)

Dawilliams, thanks a lot for the pointers at this point.  I am going to leave this open for 24 hours, and see if I can get any other opinions.  Thanks so much for your tips!  I really do appreciate it.

stlbridge (ASKER)

You were great.  Thanks.
