Cisco Support Community

New Member

Cisco VPN RDP issue

I have a working VPN tunnel between an ASA 5510 and a 1841 Router. I am having an issue with RDP connections dropping. I will get an initial connection, then it will drop after I start to enter the credentials (5 or so seconds). It takes 30 or so seconds before I am able to make a connection to that RDP server again. Usually with the same result. It seems that the issue occurs after we exceed a number of RDP connections. I am still able to ping the servers in question during the RDP connection issue. Any help would be greatly appreciated. Thanks.

4 REPLIES
Anonymous
N/A

Re: Cisco VPN RDP issue

You may try entering the command "timeout conn 0:0:0" on the ASA. You may also try changing the MTU size to 1100 in the ASA.

Cisco Employee

Re: Cisco VPN RDP issue

On the private (inside) interface of your router, enter the following command:

ip tcp adjust-mss 1300

Then try again.

PS. If you think this post was helpful, please do rate it.

New Member

Re: Cisco VPN RDP issue

Hi Auraza,

May I ask the command on the ASA side? My problem is I won't be able to connect through RDP. I'm using ASA5505 on both sites.

Attached are the running configs (IP addresses and other configs have been omitted)

Thanks,

udimpas

Cisco Employee

Re: Cisco VPN RDP issue

Remove the following:

From HQ:

access-list outside_1_cryptomap_1 extended permit tcp inside 255.255.255.0 172.16.1.0 255.255.255.0 object-group RDP

From Remote:

access-list outside_1_cryptomap extended permit tcp any any object-group RDP

--

The HQ has these routes:

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

route inside 0.0.0.0 255.255.255.0 192.168.10.4 1

route outside 172.16.1.0 255.255.255.0 192.168.10.1 1

route outside 172.16.1.0 255.255.255.0 192.168.10.4 1

How come you have a default route pointing inside, and then internal networks also on the outside interface? Shouldn't 172.16.1.0 point to the inside interface to a router on the inside?

--

The Remote has these routes:

route outside 0.0.0.0 0.0.0.0 58.69.234.209 1

route inside 0.0.0.0 255.255.255.0 172.16.1.1 1

route inside 0.0.0.0 255.255.255.0 58.69.234.209 1

Why do you have default routes pointing to the inside on the remote?
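
An added example, not part of the thread or of anyone's posted configuration: a small Python check that applies the route questions from the last reply to the route lines quoted there. It assumes the quoted addresses are literal (the poster said some values were omitted), and the function and check names are made up for this illustration.

```python
import ipaddress
from collections import defaultdict

# Route lines as quoted in the reply above; "x.x.x.x" is the poster's redaction.
HQ = """\
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 0.0.0.0 255.255.255.0 192.168.10.4 1
route outside 172.16.1.0 255.255.255.0 192.168.10.1 1
route outside 172.16.1.0 255.255.255.0 192.168.10.4 1
"""
REMOTE = """\
route outside 0.0.0.0 0.0.0.0 58.69.234.209 1
route inside 0.0.0.0 255.255.255.0 172.16.1.1 1
route inside 0.0.0.0 255.255.255.0 58.69.234.209 1
"""

def parse_routes(config):
    """Return (interface, network, gateway) for every 'route' line."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "route":
            iface, dest, mask, gateway = parts[1:5]
            routes.append((iface, ipaddress.ip_network(f"{dest}/{mask}"), gateway))
    return routes

def audit_routes(config):
    """Return a sorted list of (check, subject) findings for static routes."""
    findings = set()
    gateways_by_net = defaultdict(set)    # (iface, network) -> next hops
    ifaces_by_gateway = defaultdict(set)  # next hop -> interfaces it is used on
    for iface, net, gateway in parse_routes(config):
        gateways_by_net[(iface, net)].add(gateway)
        ifaces_by_gateway[gateway].add(iface)
        # 0.0.0.0 with a non-zero mask is a specific prefix, not a default route
        if int(net.network_address) == 0 and net.prefixlen > 0:
            findings.add(("zero-net-nonzero-mask", f"{iface} {net}"))
    for (iface, net), gws in gateways_by_net.items():
        if len(gws) > 1:  # same prefix on the same interface, several next hops
            findings.add(("multiple-gateways", f"{iface} {net}"))
    for gateway, ifaces in ifaces_by_gateway.items():
        if len(ifaces) > 1:  # the same next hop is configured behind two interfaces
            findings.add(("gateway-on-two-interfaces", gateway))
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("HQ", HQ), ("Remote", REMOTE)):
        for check, subject in audit_routes(cfg):
            print(f"{name}: {check}: {subject}")
```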
