C7206 abnormal encryption behaviour

Unanswered Question
Aug 16th, 2009

Dear all,

    i have C7206 and other remote routers.

when i tried to make remote Desktop session on machines behind any remote router from machine behind C7206 ....>

it gives delay and session timeout.

if i delete encryption configuration it works.

i need any debugs can show me what is the problem?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Sun, 08/16/2009 - 04:08

Hello Ibrahim,

the question may be related on some initial multicast discovery attempt made by RDP client.


multicast or broadcast traffic is not encrypted and your ACLs specify local or remote IP subnets.

IPSec works well with unicast traffic.


the usage of WINS servers or the usage of ip helper address command may help in your case.

Verify also the MTU on the encrypted path you need to be able to support packets of 1500 bytes end-to-end between client vlans.



Hope to help

Giuseppe



Paolo Bevilacqua Sun, 08/16/2009 - 04:14

It is not possible to support MTU of 1500 on IPsec circuits, due to encryption overhad.


However, that should not pose any problem on an otherwise correctly configured network.

Actions

This Discussion