Solved

RDP session dies when connecting to VPN

Posted on 2014-11-21
8
191 Views
Last Modified: 2014-12-01
I'm RDP'd into a VPN when I connect to a Cisio VPN I lose my connection and have to log onto the console to disconnect before being able to reconnect.

Does anyone have any Ideas? I can provide more information if needed.
0
Comment
Question by:gman
  • 4
  • 3
8 Comments
 
LVL 69

Expert Comment

by:Qlemo
ID: 40457198
Please provide more details.
Which kind of Cisco VPN? The legacy IPSec or AnyConnect (SSL)?
Do you start the Cisco VPN in the RDP session or on your client?

Most Cisco VPN connections are configured to redirect Internet traffic thru them, and to cut off any local access. That is probably the reason.
0
 

Author Comment

by:gman
ID: 40457339
Connects over IPSEC / UDP

Is there a way to set static routes for all RDP traffic that wont be wiped when connecting to the VPN

Windows IP Configuration

   Host Name . . . . . . . . . . . . : VM01
   Primary Dns Suffix  . . . . . . . : domain.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Cisco Systems VPN Adapter for 64-bit W
ows
   Physical Address. . . . . . . . . : 00-05-9s-4t-44-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::fr84:5t4f:f7d8:8c2f%22(Preferred
   IPv4 Address. . . . . . . . . . . : 192.168.1.22(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 369100186
   DHCPv6 Client DUID. . . . . . . . : 00-01-02-01-1C-F4-1F-2A-00-0C-29-58-29

   DNS Servers . . . . . . . . . . . : 10.1.1.3
                                       10.1.1.2
   Primary WINS Server . . . . . . . : 10.1.1.3
   Secondary WINS Server . . . . . . : 10.1.1.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connectio
   Physical Address. . . . . . . . . : 11-1E-29-38-19-59
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : ee30::2838:ced0:7aca:9884%11(Preferred
   IPv4 Address. . . . . . . . . . . : 10.15.1.22(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : fe80::8d08:4e40:71ca:8ab4%11
                                       10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234884137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-r4-1F-3A-00-0C-59-44-12

   DNS Servers . . . . . . . . . . . : 10.0.2.1
                                       10.0.2.22
   NetBIOS over Tcpip. . . . . . . . : Enabled
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 40457394
Usually there is no way if split tunneling is prohibited. The VPN virtual NIC is in control of the network traffic, and denying further access if not via VPN.
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 12

Expert Comment

by:Faruk Onder Yerli
ID: 40457453
please check mtu size and packet fragmentation between two points.
use windows command line "ping [rdp address] -l 1500" if you can not ping you have to adjust mtu over VPN concentrator.
0
 

Author Comment

by:gman
ID: 40463350
I don't have access to that, its a customer VPN so i've no admin rights to it. Any other Ideas?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40463375
As said, if the Cisco device does not allow, you can't trick it.
However, this seems to be a VM - maybe a VMware? The VM console still works.
0
 

Author Comment

by:gman
ID: 40463958
Yes, vmware esxi. However the end users dont have access to the host or console.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 40464171
If you are limited to using RDP (because you need multiple sessions), then "you can't do that" is the only answer.
VMWare Sessions can be deployed via Browser plug-in - that is what we do with such Cisco connections (we use the old VMWare Server 2 for that, because it is much more simple to use in this context).
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question