Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1715
Views
0
Helpful
4
Replies

Site-to-site VPN: Remote Desktop is not working through the tunnel.

panikos73
Level 1
Level 1

‎07-08-2007 11:09 PM - edited ‎02-21-2020 03:08 PM

Hello,

I have established a site to site VPN between two Cisco 2811 routers. I need to work with MS Remote Desktop with some PCs. Although I can open a Remote Desktop connection from outside the VPN (using NAT), it is impossible to do so through the VPN tunnel.

I have to mention that the PCs (as any other PC in the VPN) are reachable for file sharing and responds to pinging normally through the VPN tunnel. Only Remote Desktop seems not to work.

No ACLs are applied on VPN traffic blocking tcp port 3389 and no firewall is applied yet.

I've already tried to change MTU settings in case that the problem had to do with it but nothing happened.

Unfortunately a server error prevents me from attaching the running configurations of both routers. I have no idea what the problem is, but I'm willing to send them (via e-mail maybe) to anyone who would like to take a look at them.

Any suggestions are welcome.

Many thanks in advance.

Labels:
0 Helpful
4 Replies 4

Richard Burts
Hall of Fame
Hall of Fame

‎07-09-2007 10:00 AM

Nikolaos

If other applications work and the problem is only with RDP I would make my first guess that there is an issue with the access list on one or both sides. Your post is clear that no access list is applied that is blocking TCP 3389 but that is not the only possible issue with ACL. In configuring the VPN tunnel there is an ACL that identifies traffic to be protected by the VPN. The ACL on one router needs to be a mirror image of the ACL on the other router. My guess is that one (or both) of the ACLs are not including TCP 3389 as traffic to be protected. Can you check on that?

HTH

Rick

HTH

Rick
0 Helpful

panikos73
Level 1
Level 1
In response to Richard Burts

‎07-09-2007 02:11 PM

Hi Rick,

Thank you for helping me on this issue. Well the protected traffic is any ip traffic with source and destination the networks 192.168.1.0 and 192.168.2.0. I assume that includes TCP 3389

Regards

Nikos

0 Helpful

panikos73
Level 1
Level 1
In response to panikos73

‎07-09-2007 09:51 PM

Hello,

I'm sorry for asking something like this but is there any adjustment I should do in Internet Explorer (ver 6.0.2900.2180)in order to upload the files with the running config of both routers?

0 Helpful

mannycho
Level 1
Level 1
In response to panikos73

‎12-21-2010 08:21 AM

I am having the same issues. Anyone know why?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents