(Unused) VPN Client magically fixes slow RDP over site2site VPN??!?

Unanswered Question
Sep 9th, 2010
User Badges:

I recently added a(nother) IPSEC Site-to-site VPN from my 1841 router to a partner's VPN concentrator and the link works fine, stays up, and the partner is able to access a file share on my server.

But when users from my site try to RDP a server on the other end of the VPN it initially connects, allows them to login, displays the desktop, and then DRAGS becoming so slow to the point that the Remote Desktop client disconnects.

After verifying all my VPN settings, firewall rules, and just about everything else I could think about on the router I noticed that it was only desktops at my site experiencing the slow performance. Laptops on the same network segment were able to RDP the partner's server fine without any performance problems.

Wondering what could possibly be different between my desktops and laptops I came upon the Cisco VPN Client.

Turns out that on the desktops experiencing the problem, merely installing the Cisco VPN Client (version 4.something) eliminated the problems.

The weird part is that I didn't have to setup, run, configure, or use the client software at all - just installing it fixed the problem.


I'm racking my brains trying to figure out how/why this software should make any difference when all the VPN work should be happening on the router not the clients, and I have a hard time trying to explain to my bosses that the VPN Client just contains some voodoo magic that fixes stuff silently in the background.


My guesses are that the Deterministic Network Enhancer or the Auto MTU Configuration components of the client are what really fixed the prob, but does anyone else have a clue?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Todd Pula Thu, 09/09/2010 - 08:44
User Badges:
  • Silver, 250 points or more

The RDP issue is more than likely MTU/fragmentation related.  The VPN client installation will reduce the MTU of the client's network interface to 1300 bytes.  To resolve for the rest of your clients, you can try to include the "ip tcp adjust-mss 1360" command on the router interface facing your clients.

Actions

This Discussion