VPN AVENTAIL 3 way handshake not connecting
Posted on 2009-05-18
We are setting up remote access via Aventail remote software for a user. The setup is that we are the branch office, so basically the user
remotes into the VPN server in headquarters, then from there she RDPs to her PC in the branch site. I will give you the troubleshooting steps:
We are able to telnet from a laptop on wireless, authenticated to the VPN, to the user's work PC over TCP 3389.
We can see a hit count on the access list in our branch firewall allowing the connection.
We ran Wireshark on the work PC and we can see the TCP connection coming in, trying to form
a three-way handshake: there is a SYN received from the VPN server. Then the client PC replies with a SYN-ACK, but
we never receive an ACK back from the VPN server. So the connection is never formed.
The work PC has a route to the VPN server; I am able to telnet + ping to the VPN server. RDP is enabled on the work PC and it is listening on TCP 3389 for the connection. I am able to RDP internally from my PC to the work PC.
Here is the connection state on the PIX:
TCP out VPNSERVER:60539 in 10.xx.xx.xx:3389 idle 0:00:06 bytes 0 flags aB
First question: I am not sure what the aB flag indicates?
The only thing I can think of is that the RDP protocol requires a fixup, i.e. it is responding on a random port, but this will be fine in our branch firewall as all traffic is allowed out, so it must be the headquarters firewall.
Second question: is anyone aware whether the RDP protocol requires a fixup on firewalls?
Last question: can anyone think of or recommend anything else?
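
Added example (not part of the original post, and not vendor code): a small Python parser for a PIX `show conn` line like the one quoted above, which decodes the flags into TCP handshake state. The flag meanings are the handshake-related subset of the legend printed by `show conn detail`; the second sample line is constructed for comparison.

```python
import re

# Handshake-related subset of the legend printed by "show conn detail".
FLAG_LEGEND = {
    "s": "awaiting outside SYN",
    "S": "awaiting inside SYN",
    "a": "awaiting outside ACK to SYN",
    "A": "awaiting inside ACK to SYN",
    "B": "initial SYN from outside",
    "U": "up",
    "I": "inbound data",
    "O": "outbound data",
    "F": "outside FIN",
    "f": "inside FIN",
}
HANDSHAKE_PENDING = "sSaA"  # any of these means the handshake is incomplete

CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP) out (?P<outside>\S+) in (?P<inside>\S+) "
    r"idle (?P<idle>\S+) bytes (?P<bytes>\d+)(?: flags (?P<flags>\S+))?$"
)

def parse_conn(line):
    """Parse one 'show conn' line and summarise its handshake state."""
    m = CONN_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a show conn line: {line!r}")
    conn = m.groupdict()
    flags = conn["flags"] or ""
    conn["flags"] = flags
    conn["bytes"] = int(conn["bytes"])
    conn["inside_port"] = int(conn["inside"].rpartition(":")[2])
    # 'B' marks a connection whose first SYN arrived from the outside.
    conn["direction"] = "inbound" if "B" in flags else "outbound"
    conn["established"] = "U" in flags
    conn["waiting_on"] = [FLAG_LEGEND[f] for f in flags if f in HANDSHAKE_PENDING]
    conn["unknown_flags"] = [f for f in flags if f not in FLAG_LEGEND]
    return conn

# Line quoted in the post above.
PAGE_LINE = "TCP out VPNSERVER:60539 in 10.xx.xx.xx:3389 idle 0:00:06 bytes 0 flags aB"
# Constructed line showing the same flow after a completed handshake.
CONSTRUCTED_LINE = "TCP out 192.0.2.10:51000 in 10.0.0.5:3389 idle 0:00:01 bytes 4821 flags UIOB"

if __name__ == "__main__":
    for line in (PAGE_LINE, CONSTRUCTED_LINE):
        c = parse_conn(line)
        state = "established" if c["established"] else "embryonic"
        print(f'{c["outside"]} -> {c["inside"]} [{c["flags"]}] {c["direction"]}, '
              f'{state}, waiting on: {c["waiting_on"] or "nothing"}')
```

For the posted line this reports an inbound, embryonic connection still waiting on the outside peer's ACK, which matches the SYN / SYN-ACK / missing ACK sequence seen in the Wireshark capture.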