Re: Firewall Issue

jeremys · ‎01-09-2009

Rookie here so please forgive me as I have no Cisco knowledge.

At my work we have a site to site VPN and the status is up. I can ping their private ip and the other end can ping my server. However when he tries to RDP to my server he is unable to. My guess is it's the firewall on our 2821. How would I go about allowing him access? If it's not a firewall issue what else would it be?

Thank you in advance.

Collin Clark · ‎01-12-2009

More likely it's the MTU size, especially if your connected via DSL. You can adjust it under the interface (your LAN interface).

(config-if)#ip tcp adjust-mss ?

<500-1460> Maximum segment size in bytes

To find the correct size, ping from one side to the other with a large packet size and decrease it until it is successful. That should be close to the size you enter above. Here's an example from Windows.

F:\>ping -l 1500 -f 192.168.5.15

Pinging 192.168.5.15 with 1500 bytes of data:

Packet needs to be fragmented but DF set.

Ping statistics for 192.168.5.15:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

F:\>ping -l 1430 -f 192.168.5.15

Pinging 192.168.5.15 with 1430 bytes of data:

Reply from 192.168.5.15: bytes=1430 time=8ms TTL=55

Reply from 192.168.5.15: bytes=1430 time=10ms TTL=55

Reply from 192.168.5.15: bytes=1430 time=16ms TTL=55

Ping statistics for 192.168.5.15:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 8ms, Maximum = 16ms, Average = 10ms

Hope that helps.

ronshuster · ‎01-12-2009

This could also be a port restriction.

Can you telnet to port 3389, this is the RDP port.

jeremys · ‎01-12-2009

I can RDP just fine to the server from my workstation internally. The other guy is not able to and I don't think the port has been opened up which would explain why it's not working for him. How would I go about doing that?