Hi, searching high & low, regarding intermittent disconnects for RDP sessions.
Am interested in any pointers.
Situation is following: Multiple RDP servers behind ASA, sometimes a user, and sometimes all users to one server from outside our ASA suffer intermittent disconnects (once a day, once a week, couple times a day etc). We have never noticed this when connected for many hours within the internal network. So I rule out servers, NICs and Switches, and try to concentrate fault finding to the ASA as a common bottleneck. Inbound connection is fibre, full duplex, no packet loss according to our national ISP, so we have no known issues with this connectivity.
ASA config is pretty much straightforward, allowing RDP through to dedicated servers. Haven't touched timeout, nor inspect.
What would YOU test or look for first in fault finding this? What should I look for in the syslogs? Could the timeouts spook us, or MTU, or random PAT conflicts - or no way that it's the ASA that is the trouble ???
Take a very careful look at the network stats on the ASA's INSIDE & OUTSIDE ethernet network connections. I have seen this issue caused by intermittent ethernet errors on 1 of the interfaces, could be duplex issue, bad cable, faulty interface on a switch or router, could also be something like a 62 micron fiber patch cable being used in a 50 micron interface or CAT 5 or 5e patch cable in a gig interface.
I looked through the output, there are a lot of dropped packets but that could be normal. 1 thing I would recommend is to bag all of the auto interface configs. Basically change every interface that connects a router port to a firewall port and vice versa to fixed 100 full duplex. Not sure if this is your issue but I have had a similar issue to yours and that was the fix.
I compared the stats against several other ASA we have installed at client locations. They all signal dropped packets when an ACL triggers, so the more attacks, (or harder rules) - the more drops. In none of the cases except one of the interfaces above, are there collisions - and no interfaces have any physical errors reported.
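The interface check discussed in this thread, as an added example that is not part of any poster's message: a small Python parser that flags auto-negotiated or half-duplex links and non-zero error counters. The sample text is constructed and its layout is assumed to follow ASA `show interface` output; `check_interfaces` is a hypothetical helper name.

```python
import re

# Constructed sample; layout assumed to follow ASA "show interface" output.
SAMPLE = """\
Interface Ethernet0/0 "outside", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
        1200345 packets input, 913442211 bytes, 0 no buffer
        412 input errors, 398 CRC, 14 frame, 0 overrun, 0 ignored, 0 abort
        998120 packets output, 411029933 bytes, 0 underruns
        0 output errors, 5321 collisions, 2 interface resets
        87 late collisions, 0 deferred
Interface Ethernet0/1 "inside", is up, line protocol is up
  Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
        Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
        884211 packets input, 401229100 bytes, 0 no buffer
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        1190022 packets output, 900311877 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
"""

HEADER = re.compile(r'^Interface (\S+) "([^"]*)"', re.M)
DUPLEX = re.compile(r"(\S+)-Duplex\((\S+?)-duplex\)")
# "late collisions" is listed before "collisions" so it is reported by its own name.
COUNTERS = re.compile(
    r"(\d+) (input errors|output errors|CRC|frame|late collisions|collisions)")

def check_interfaces(text):
    """Return {nameif: [findings]} for every interface block in the text."""
    report = {}
    headers = list(HEADER.finditer(text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[h.end():end]
        findings = []
        d = DUPLEX.search(block)
        if d and d.group(1) == "Auto":
            findings.append("duplex is auto-negotiated")
        if d and d.group(2).lower() == "half":
            findings.append("running half duplex")
        for value, name in COUNTERS.findall(block):
            if int(value) > 0:  # only counters that have actually incremented
                findings.append(f"{name}: {value}")
        report[h.group(2)] = findings
    return report

if __name__ == "__main__":
    for nameif, findings in check_interfaces(SAMPLE).items():
        print(nameif, "->", findings or "clean")
```

Running it against two captures taken some hours apart shows whether the counters are still climbing or are left over from an old event.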