Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
0
Helpful
4
Replies

Cicso VPN RDP issue

tsimpson
Level 1
Level 1

‎06-19-2009 03:31 PM

I have a working VPN tunnel between an ASA 5510 and a 1841 Router. I am having an issue with RDP connections dropping. I will get an initial connection, then it will drop after I start to enter the credentials (5 or so seconds). It takes 30 or so seconds before I am able to make a connection to that RDP server again. Usually with the same result. It seems that the issue occurs after we exceed a number of RDP connections. I am still able to ping the servers in question during the RDP connection issue. Any help would be greatly appreciated. Thanks.

Labels:
0 Helpful
4 Replies 4

Not applicable

‎06-25-2009 06:19 AM

You may try entering the command "timeout conn 0:0:0" on the ASA. You may also try changing the MTU size to1100 in ASA.

0 Helpful

auraza
Cisco Employee
Cisco Employee

‎06-25-2009 09:40 AM

On the private (inside) interface of your router, enter the following command:

ip tcp adjust-mss 1300

Then try again.

PS. If you think this post was helpful, please do rate it.

0 Helpful

udimpas
Level 1
Level 1
In response to auraza

‎08-09-2009 11:58 PM

Hi Auraza,

May I ask the command on the ASA side? My problem is I wont be able to connect thru RDP. Im using ASA5505 on both sites.

Attached are the running configs (IP Address and other configs has been omitted)

Thanks,

udimpas

Preview file
7 KB
0 Helpful

auraza
Cisco Employee
Cisco Employee
In response to udimpas

‎08-10-2009 05:56 AM

Remove the following:

From HQ:

access-list outside_1_cryptomap_1 extended permit tcp inside 255.255.255.0 172.16.1.0 255.255.255.0 object-group RDP

From Remote:

access-list outside_1_cryptomap extended permit tcp any any object-group RDP

--

The HQ has these routes:

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

route inside 0.0.0.0 255.255.255.0 192.168.10.4 1

route outside 172.16.1.0 255.255.255.0 192.168.10.1 1

route outside 172.16.1.0 255.255.255.0 192.168.10.4 1

How come you have a default route pointing inside, and then internal networks also on the outside interface? Shouldn't 172.16.1.0 point to the inside interface to a router on the inside?

--

The Remote has these routes:

route outside 0.0.0.0 0.0.0.0 58.69.234.209 1

route inside 0.0.0.0 255.255.255.0 172.16.1.1 1

route inside 0.0.0.0 255.255.255.0 58.69.234.209 1

Why do you have default routes pointing to the inside on the remote?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents