We have a site to site IPSec VPN tunnel with a PIX 535 at one end and an ASA on the other. We don't manage the ASA. A user reports that his Remote Desktop session from his PC behind the ASA hangs every couple of minutes. We captured traffic on the client PC, and behind the PIX at this end in front of the server. We saw that the RDP client receives an RST even though no RST is captured on the server side. There is less than a second between the time apparently good traffic is seen and the RST.
We don't know if it is the PIX or the ASA that is generating the RST, effectively ending the session. How can we determine why this is happening and on which device?