Site-to-site VPN: Remote Desktop is not working through the tunnel.

Unanswered Question
Jul 8th, 2007


I have established a site to site VPN between two Cisco 2811 routers. I need to work with MS Remote Desktop with some PCs. Although I can open a Remote Desktop connection from outside the VPN (using NAT), it is impossible to do so through the VPN tunnel.

I have to mention that the PCs (as any other PC in the VPN) are reachable for file sharing and responds to pinging normally through the VPN tunnel. Only Remote Desktop seems not to work.

No ACLs are applied on VPN traffic blocking tcp port 3389 and no firewall is applied yet.

I've already tried to change MTU settings in case that the problem had to do with it but nothing happened.

Unfortunately a server error prevents me from attaching the running configurations of both routers. I have no idea what the problem is, but I'm willing to send them (via e-mail maybe) to anyone who would like to take a look at them.

Any suggestions are welcome.

Many thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Mon, 07/09/2007 - 10:00


If other applications work and the problem is only with RDP I would make my first guess that there is an issue with the access list on one or both sides. Your post is clear that no access list is applied that is blocking TCP 3389 but that is not the only possible issue with ACL. In configuring the VPN tunnel there is an ACL that identifies traffic to be protected by the VPN. The ACL on one router needs to be a mirror image of the ACL on the other router. My guess is that one (or both) of the ACLs are not including TCP 3389 as traffic to be protected. Can you check on that?



panikos73 Mon, 07/09/2007 - 14:11

Hi Rick,

Thank you for helping me on this issue. Well the protected traffic is any ip traffic with source and destination the networks and I assume that includes TCP 3389



panikos73 Mon, 07/09/2007 - 21:51


I'm sorry for asking something like this but is there any adjustment I should do in Internet Explorer (ver 6.0.2900.2180)in order to upload the files with the running config of both routers?


This Discussion