I'm having issues with users intermittently dropping RDP sessions when connecting through IPsec remote VPN. The Windows RDP session seems to drop and re-connect. I'd like to think it's not an issue on the firewall (ASA5540) because I don't see users dropping their active IPsec connection.
Assuming that's the case, I don't know where to look beyond the firewall. We aren't doing anything through GPO for RDP.
Through research some suggest MTU size may be the issue. My inside/outside interfaces are both set for 1500 and I'm not sure I want to change that.
Does anyone out there happen to have any other suggestions on where to begin troubleshooting?
Please let us know the firewall version ?
how frequent is this issue occurring ?
Please try to do continuous ping when you see the RDP reconnecting.
Is there any other rule/ access list for this mentioned RDP IP address ?
The firewall is an ASA5540 running 8.0(3).
It happens periodically, and not every day.
There is just one access list set for each remote VPN user. The access list allows user from any source to only the specific destination IP.
Yesterday when users were complaining about dropping RDP sessions I tested it for myself from an outside connection. I did see the issue with RDP disconnecting and reconnecting. I did a continuous ping to the destination and saw some latency (10 - 20ms response) but nothing too spectacular and never a time out.
if it is not timing out during continuous ping.then we will need to check in other aspects.
the latency that you mentioned looks ok which is between 10s and 20s.
you tried to ping the Remote machine with Hostname or its IP address ?
when this issue occurs next time try to trace route to the RDP Machine and see were excatly you see the latency or drop happening.
In the Event Viewer of the Windows server, do you see any warning/error ? In the option of your mstsc.exe, do you use the Gateway ? Do you use a certificate on your Windows server for terminal services ?
Well the device users are using RDP to is just a workstation (Windows 7 PC) I'd mentioned that I tested it out myself to my PC. I looked through the event viewer and I didn't see any warnings or errors, best I saw was informational of the connection made and connection terminated.
Currently all connection settings in MSTSC are default including Automatically detect RD Gateway server settings.
That's the plan. I've got it downloaded and ready to capture. This has been a sporadic issue it's hard to nail down the issue until users start complaining.
In your asa, have you enable the log with facility information ? If yes, you must check if the connection RDP stoip with TCP-RST flag
I was pinging to the remote end via IP and not hostname.
I'll have to try a trace route next time and see if I notice an increase in latency. The next hop inside is a 3750 stack that I've noticed is running a higher than normal CPU when these complaints come in so I'm wondering if that isn't the root of the problem.