Remote desktop not working with WAAS

Unanswered Question
Jun 22nd, 2010

I've got the WAAS setup and i'm see ok acceleration between sites but I have a complete failure of remote desktop.  I've had to place a deny statement in my access list on the remote sites router for port 3389 to exclude traffic from the WAAS to even be able to get an RDP connection to work.  I've tried to tell the WAAS to just set Remote-Desktop traffic to pass through but still no luck. Any help would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Zach Seils Tue, 06/22/2010 - 13:28

It is just RDP traffic you are having problems with, or other types of traffic as well?


Zach Seils Tue, 06/22/2010 - 13:33

Do you see any type of error message in the syslog.txt file of the WAAS devices indicating a loop?


Casey Compton Tue, 06/22/2010 - 14:02

Looking at both WAE's syslog.txt I don't see anything indicating any sort of errors.

Zach Seils Tue, 06/22/2010 - 14:03

Ok.  What do you see on the client when RDP traffic is being intercepted?


Casey Compton Tue, 06/22/2010 - 14:10

If traffic on port 3389 (RDP) is being seen by the WAAS and I initiate a Remote Desktop Session to a pc on the other end of the WAAS the connection will time out.  If RDP is being blocked from WAAS the connection will take a little bit to establish but will work fine.

Zach Seils Tue, 06/22/2010 - 14:13

Can you add RDP (even if just from a test client) back to the redirect list and take simultaneous packet captures on both WAAS devices?


Zach Seils Wed, 06/23/2010 - 05:39

The syntax on the WAAS device is:

tethereal -f "port 3389" -w .cap

where is the of the local file you want to save the capture in.



Casey Compton Wed, 06/23/2010 - 06:59

I was able to do the capture thanks for the instructions!

I've attached two capture files from the WAE at my location.  The first file 'noredirect_wi' is with port 3389 traffic going through the WAAS; it looks to me like traffic is reaching the destination but can't get back.  The second file 'redirect_wi' is with traffic for port 3389 by passing the WAAS and the RDP session working.

*I didn't include the destenation side captures because they had no data on port 3389 let me know if you would like me to do a capture on everything for that side.



Zach Seils Thu, 06/24/2010 - 11:45


What are you using for interception at the site where these captures were taken?


Casey Compton Thu, 06/24/2010 - 13:02

Because Internet access is allowed directly from the remote sites the ACL below will only redirect traffic destined for private addresses to the 474 located at the remote site.

ip access-list extended WCCP-REDIRECT

     permit tcp
     permit tcp
     permit tcp
     permit tcp
     permit tcp
     permit tcp

By adding this I can force RDP to sort of work

     deny tcp any any eq 3389
     deny tcp any eq 3389

Zach Seils Fri, 06/25/2010 - 10:01

The reason I ask is that I don't see any TCP auto-discovery options in the noredirect capture.  Do you have the policy for RDP traffic set ti pass-through?


Zach Seils Tue, 06/29/2010 - 08:56

Hmm ...

Can you provide additional detail on your deployment?  Are you tunneling traffic or performing any type of encryption?


Casey Compton Tue, 06/29/2010 - 09:11

All devices running 4.1.5f

Wave 574 at main site witha 274 CM, remote sites all have 474's.  All remote sites connect back to main site via VPN tunnels.

Zach Seils Wed, 06/30/2010 - 08:17

Would you mind posting a rough topology diagram of your deployment and one of your router configurations?



This Discussion