C7206 abnormal encryption behaviour

Unanswered Question
Aug 16th, 2009
User Badges:

Dear all,

    i have C7206 and other remote routers.

when i tried to make remote Desktop session on machines behind any remote router from machine behind C7206 ....>

it gives delay and session timeout.

if i delete encryption configuration it works.

i need any debugs can show me what is the problem?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Sun, 08/16/2009 - 04:08
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Ibrahim,

the question may be related on some initial multicast discovery attempt made by RDP client.

multicast or broadcast traffic is not encrypted and your ACLs specify local or remote IP subnets.

IPSec works well with unicast traffic.

the usage of WINS servers or the usage of ip helper address command may help in your case.

Verify also the MTU on the encrypted path you need to be able to support packets of 1500 bytes end-to-end between client vlans.

Hope to help


paolo bevilacqua Sun, 08/16/2009 - 04:14
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

It is not possible to support MTU of 1500 on IPsec circuits, due to encryption overhad.

However, that should not pose any problem on an otherwise correctly configured network.


This Discussion