RDP thru Cisco VPN client and thru 501 Failure

RDP thru Cisco VPN client and thru 501 Failure
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
RDP thru Cisco VPN client and thru 501 Failure curttampa 08-05-2008
Posted by on August 5, 2008, 3:52 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
=46rom home, we use plain old home Netgear routers to connect up to the
net. We use our laptops and the Cisco VPN client to connect up to a
Cisco VPN Appliance in a data center and MS=92s RDP to connect up to our
servers. This setup works perfectly. We use a PIX 501 from our office
to connect to the net. The VPN Client connects up to the applicance
just fine. However, RDP will not connect up to our servers. We are
using a 172.16.1.x sub net within the data center. In the office, we
just a 192.168.4.x subnet. Anyone have any other ideas that might
explain this failure?

Thanks in advance. (Our =91expert=92 who setup all these is unable to
explain it)

Pure Networks
Posted by Artie Lange on August 5, 2008, 4:11 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
curttampa@gmail.com wrote:
> From home, we use plain old home Netgear routers to connect up to the
> net. We use our laptops and the Cisco VPN client to connect up to a
> Cisco VPN Appliance in a data center and MS’s RDP to connect up to our
> servers. This setup works perfectly. We use a PIX 501 from our office
> to connect to the net. The VPN Client connects up to the applicance
> just fine. However, RDP will not connect up to our servers. We are
> using a 172.16.1.x sub net within the data center. In the office, we
> just a 192.168.4.x subnet. Anyone have any other ideas that might
> explain this failure?
>
> Thanks in advance. (Our ‘expert’ who setup all these is unable to
> explain it)

What is the DHCP pool you use for your clients?
Do your clients receive an IP from a differnet pool depending where they
connect from or who the user is?
Do you have any ACL's defining RDP traffic?
Can you browse the servers file systems?
Do you have firewall enable on the server?

Posted by Merv on August 5, 2008, 4:39 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
> curtta...@gmail.com wrote:
> > From home, we use plain old home Netgear routers to connect up to the
> > net. We use our laptops and the Cisco VPN client to connect up to a
> > Cisco VPN Appliance in a data center and MS=92s RDP to connect up to ou=
r
> > servers. This setup works perfectly. We use a PIX 501 from our office
> > to connect to the net. The VPN Client connects up to the applicance
> > just fine. However, RDP will not connect up to our servers. We are
> > using a 172.16.1.x sub net within the data center. In the office, we
> > just a 192.168.4.x subnet. Anyone have any other ideas that might
> > explain this failure?
>
> > Thanks in advance. (Our =91expert=92 who setup all these is unable to
> > explain it)
>
> What is the DHCP pool you use for your clients?
> Do your clients receive an IP from a differnet pool depending where they
> connect from or who the user is?
> Do you have any ACL's defining RDP traffic?
> Can you browse the servers file systems?
> Do you have firewall enable on the server?


RDP packets cannot be fragmented. RDP sets the do-not-fragment bit in
its TCP packet
so do a path MTU discovery manually using ping.

Start with a ping packet length of 1500 and reduce until you have
successful ping.

ping -l 1500 -f <IP address>

Can the VPN clients ping the servers in question - i.e confirm there
are not other connectivity issues

If they can ping sucessfully then determine the largest MTU that the
client can use with no-fragment set


Adjust you NIC to use the discovered maximum path MTU size



Then set that MTU size on the VPN client and see if RDP connectivity
is possilbe

Posted by on August 6, 2008, 6:33 am
If you were  Registered and logged in, you could reply and use other advanced thread options


>
>
>
>
>
> > curtta...@gmail.com wrote:
> > > From home, we use plain old home Netgear routers to connect up to the
> > > net. We use our laptops and the Cisco VPN client to connect up to a
> > > Cisco VPN Appliance in a data center and MS=92s RDP to connect up to =
our
> > > servers. This setup works perfectly. We use a PIX 501 from our office
> > > to connect to the net. The VPN Client connects up to the applicance
> > > just fine. However, RDP will not connect up to our servers. We are
> > > using a 172.16.1.x sub net within the data center. In the office, we
> > > just a 192.168.4.x subnet. Anyone have any other ideas that might
> > > explain this failure?
>
> > > Thanks in advance. (Our =91expert=92 who setup all these is unable to
> > > explain it)
>
> > What is the DHCP pool you use for your clients?
> > Do your clients receive an IP from a differnet pool depending where the=
y
> > connect from or who the user is?
> > Do you have any ACL's defining RDP traffic?
> > Can you browse the servers file systems?
> > Do you have firewall enable on the server?
>
> RDP packets cannot be fragmented. RDP sets the do-not-fragment bit in
> its TCP packet
> so do a path MTU discovery manually using ping.
>
> Start with a ping packet length of 1500 and reduce until you have
> successful ping.
>
> ping -l 1500 -f <IP address>
>
> Can the VPN clients ping the servers in question - i.e confirm there
> are not other connectivity issues
>
> If they can ping sucessfully then determine the largest MTU that the
> client can use with no-fragment set
>
> Adjust you NIC to use the discovered maximum path MTU size
>
> Then set that MTU size on the VPN client and see if RDP connectivity
> is possilbe- Hide quoted text -
>
> - Show quoted text -

Isn't there an easier way. This seams real complicated. Maybe we
should just dump this fancy firewall that prevents us from working.

Posted by Artie Lange on August 6, 2008, 7:35 am
If you were  Registered and logged in, you could reply and use other advanced thread options


curttampa@gmail.com wrote:

> Isn't there an easier way. This seams real complicated. Maybe we
> should just dump this fancy firewall that prevents us from working.

Well if it works from one location, it most likely is not an issue with
the firewall. The connection at your office, as Merv pointed out, may
use a MTU that is different than the other location you are connecting
from. If your idea is to dump the firewall for another solution, that is
completely up to you, *BUT* for an hour of diagnosis time you could
probably have an engineer look at and fix the issue.

Similar ThreadsPosted
Reky Failure XP l2tp/ipsec client and vpdn July 27, 2006, 10:15 am
Cisco ISO & FTP failure March 29, 2005, 9:08 pm
Rekey failure between Windows XP L2TP?IPSec and Cisco vpdn July 27, 2006, 10:18 am
Rekey failure between Windows XP L2TP/IPSec and Cisco vpdn July 27, 2006, 10:20 am
Cisco 1417 ADSL connection with Virtual-Template1 (possibly a NATfeature failure?) January 30, 2005, 9:59 pm
Adding additional routes to a VPN client (PIX515E and Cisco client) October 28, 2006, 8:17 pm
Whats with Cisco developing a Client for the iPhone before it has a Windows Client? July 16, 2008, 1:38 pm
Watchguard / Safenet Client and Cisco VPN Client Compatible? February 7, 2005, 3:29 pm
F-secure client security cisco vpn client July 18, 2005, 1:14 am
Cisco Client only allows one client to connect per subnet. September 21, 2007, 10:11 pm

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map