Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Intermittent/flakey outbound RDP connections from behind a PIX501

I'm having a problem connecting to Terminal Servers or Remote Desktop computers from behind a PIX501.

If you look at the config of the PIX501, we have incoming RDP and LPD printing which works fine. And outgoing (from LAN2, behind PIX) POP3, SMTP and DNS all work fine, but outgoing RDP does not.

Please take a look at the attached JPG of the network layout.

I can access "3rd Party TS servers" consistantly from :

1) various (5+) XP or 2003 machines on various networks / ISPs

2) machines on LAN1

but not from machines on LAN2.

Occasionally it works, but more often that not I can't connect and recieve the standard "This computer can't connect to the remote computer. Please try again".

All the machines in LAN2 have RDP client v6.0. I have tried reseting the PIX to factory default also.

So my question is, Why am I unable to reliably connect to Terminal Servers from machines in LAN2 via the PIX501?


Re: Intermittent/flakey outbound RDP connections from behind a P

Hi Simon,

A couple of questions regarding this issue:

1. Are any syslogs generated during a time when an RDP connection fails?

2. Does 'show xlate debug | i ' show any strange xlates getting built during the time of the problem? If you do a 'clear xlate' and re-try the connection, does it work?

3. Does 'show interface | i error|proto show any interface errors? If so, are these counters increasing?

4 Are you doing any load balancing between the client and the RDP server?

5. Can you gather simultaneous, bi-directional packet captures on both sides of the PIX for a failing RDP connection?


New Member

Re: Intermittent/flakey outbound RDP connections from behind a P

Hi Mike,

I ended up sorting this out. The Linksys Modem/Router we're using doesn't like PAT, but with NAT configured on the PIX everying works A Ok.

Thanks for your response.