Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1133
  • Last Modified:

RDP problems over Netscreen 5GT

Hello,

In one of our offices we have two completely separate networks (due to business reasons this has to be the case), Network A & Network B.  Between the two networks I have placed a Netscreen 5GT to allow some traffic to pass between the two.  Some users from Network A need to RDP to a server in Network B.

The RDP session kicks off fine and allows the user to connect to the sever, however, after only a few seconds the session disconnects.  Some of these users are on XP, others are on thin client Winterms.  

I can run a constant ping from A to B without any drops.  Going in the opposite direction, ping is also constant and Citrix works flawlessly.  Unfortunately there are no Citrix farms on Network B so it has to be RDP into the terminal sever.  

Users on Network B can RDP into the server without any problems.  So it appears to me that the problem lies in the Netscreen, but I open to all suggestions.  

I did wonder if it could be a problem with MTU size.  I tried reducing it to 1300 on the Netscreen but it made no difference.   I have seen in some places that the MTU needs to be set on the client machine, but as some of the users are on Winterm thin clients, I don't think this can be configured.  But I fully admit I know very little about MTU so I am open to any suggestions.

Kind regards
0
laytonblackham
Asked:
laytonblackham
1 Solution
 
MrMintanetCommented:
Connect the TS to a switch.  Connect the switch to the DMZ port of each separate network.

Then setup policies to only allow port 3389 through.
0
 
laytonblackhamAuthor Commented:
MrMintanent - thank you for your response.
The policy on the netscreen is already allowing 3389 though, so will this make a difference to the problems I'm getting with the session disconnecting?

Thanks
0
 
MrMintanetCommented:
Have you tried to lower the connection speed to 16 bit color, etc?
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
laytonblackhamAuthor Commented:
No, I haven't actually - I'll try that this afternoon.  

Thanks
0
 
laytonblackhamAuthor Commented:
Hi, back after the bank holiday weekend.

Even with 256 colours and reduced display resolution I get the same issues.  

Thanks
0
 
laytonblackhamAuthor Commented:
Raising the points to 500 in the hope that someone can help me.  Thanks!
0
 
sfrancyCommented:
I have seen this problem occur with an asymmetric routing situation.  This is where the routed path from network A -> B is not the same as B ->A.  If you have this situation, you can fix the routing problem or you can try issuing this command:  unset flow tcp-syn-check.

0
 
laytonblackhamAuthor Commented:
Sfrancy, thank you very much for the response.
I've not had chance to try this today but will do on Monday.

Thanks
0
 
trojan81Commented:
Did "unset flow tcp-syn-check" resolve the issue?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now