Cisco anyconnect disconnect terminal services connection

philipfarnes
philipfarnes used Ask the Experts™
on
Hi

We have Cisco Asa with users remotely connecting via Cisco anyconnect.  Once connected they rep onto our servers. We do not seem to have problems when users connect from Europe or Singapore.  

When they connect from china the connection stays enabled and you can ping all of the terminal servers in london.  The ping is about 443 m/s. but the rdp connection does not connect or drops.

I have checked logging and cannot see any errors.

Any ideas.

Phil
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
It may be that the latency is simply too high, 443ms is pretty immense, although I would start by doing a packet capture on the client so you can see what is happening at a tcp level.

I would also try this registry setting on your terminal servers:

http://www.virtualizationadmin.com/articles-tutorials/terminal-services/performance/poor-bandwidth-latency.html
Although you have said which locations have issues and which location do not, you haven't said where the ASA is...

I presume that the European and Singapore users are on a lower latency connection than the Chinese ones. If this is the case, are they using the same group policy on the ASA?

Author

Commented:
asa is based in london

uk is about 16 m/s, europe 24 m/s singapore is 280 m/s

one policy

thanks

phil
I'm sorry, I had completely mis-read your original post. I had read it that only China could connect...

Latency will be one issue, MTU might be another.

I would start with the suggestions on the page from philipfarnes

I would also look at how many packets are being dropped.

What operating system are your RDP servers running ?

Are you using the RDP plugin in Anyconnect premium, or the Windows RDP client ? If you are using the Windows RDP client, which version of Windows are they running ?

I presume that as the remote users are connecting with Anyconnect, that they are "roaming" and not at an office. I have seen some improvement on site to site RDP over high latency links with the Riverbed appliances, but these require an appliance on both ends of the link. http://www.riverbed.com/us/solutions/wan_optimization/

There are also other products such as Erciom Blaze that might be of use http://www.ericom.com/blaze_faqs.asp

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial