Cisco Support Community
Community Member

RDP/SSH not working when connected with vpn

Hello,

VPN users have started to complain that they cannot access any of their servers through RDP/SSH when they are connected with VPN.

When I check the logs I can see them connected but cannot see anything after that.

Any Ideas?

Thanks

Tahir

8 REPLIES
Silver

Re: RDP/SSH not working when connected with vpn

Do your servers have a route to the VPN clients?

Community Member

Re: RDP/SSH not working when connected with vpn

Hi,

Yes they all have routes back to the vpn clients.

This fault has just recently started.

Silver

Re: RDP/SSH not working when connected with vpn

The VPN clients are able to ping the servers and get a response?

Were there any other changes made that could have impacted this access, such as firewall or adding additional encapsulation?

Community Member

Re: RDP/SSH not working when connected with vpn

Hi,

We do not allow ping.

I have checked and not made any changes that would affect this. This is only happening to a handful of users.

Thanks

Re: RDP/SSH not working when connected with vpn

Hi,

Is this a VPN client connection using the Cisco IPsec VPN client?

What is the VPN headend (ASA, router, etc.)?

Normally, when you configure a VPN tunnel, all encrypted traffic is allowed to pass through (unless explicitly blocked).

You mentioned that you cannot PING.

Can you test any other kind of traffic to see if the packets are reaching the servers?

Do you have split tunneling configured?

Are you bypassing NAT for the VPN traffic?

Is the VPN client getting an IP address assigned?

Federico.

Community Member

Re: RDP/SSH not working when connected with vpn

Hi Federico,

This is using Cisco VPN client, the headend is an ASA.

What other kind of traffic can I test?

Split Tunneling is not configured.

How would I know that the user is bypassing NAT?

IP address is getting assigned by DHCP and the DG is the IP address that it picks up.

(Sorry but kind of fairly new to ASA and security)

Thanks

Tahir

Re: RDP/SSH not working when connected with vpn

In theory you can send any IP traffic that the server would receive (for example, telnet, SSH or any other traffic).

If this is not an option, since you're sending all traffic through the tunnel (no split-tunneling), on the ASA you should have the following:

There should be a NAT0 rule with an ACL defining the traffic for VPN. (I assumed this is fine since other clients work).

One test:

Enable the command: management-access inside

on the ASA and try to PING that address from the VPN client.

Post the output of the following commands, when the tunnel is established:

sh cry isa sa det --> phase 1 information

sh cry ips sa --> phase 2 information

Federico.
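
What to look for in the phase 2 output requested above, as an added example that is not part of the original thread: a small parser that compares the encaps and decaps counters per VPN client and flags tunnels carrying traffic in only one direction. The sample output, its layout, the usernames and the diagnosis wording are assumptions constructed for illustration.

```python
import re

# Constructed sample shaped like ASA "show crypto ipsec sa" output (assumed layout;
# documentation-range addresses, made-up usernames).
SAMPLE = """\
      remote ident (addr/mask/prot/port): (192.168.100.10/255.255.255.255/0/0)
      current_peer: 198.51.100.7, username: alice
      #pkts encaps: 1520, #pkts encrypt: 1520, #pkts digest: 1520
      #pkts decaps: 1498, #pkts decrypt: 1498, #pkts verify: 1498

      remote ident (addr/mask/prot/port): (192.168.100.11/255.255.255.255/0/0)
      current_peer: 198.51.100.23, username: bob
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 87, #pkts decrypt: 87, #pkts verify: 87
"""

PEER = re.compile(r"current_peer:\s*([0-9.]+)(?:/\d+)?(?:,\s*username:\s*(\S+))?")
ENCAPS = re.compile(r"#pkts encaps:\s*(\d+)")
DECAPS = re.compile(r"#pkts decaps:\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA: peer address, username, encaps and decaps counters."""
    sas, cur = [], None
    for line in text.splitlines():
        if m := PEER.search(line):
            cur = {"peer": m.group(1), "user": m.group(2), "encaps": None, "decaps": None}
            sas.append(cur)
        elif cur is not None:
            if m := ENCAPS.search(line):
                cur["encaps"] = int(m.group(1))
            elif m := DECAPS.search(line):
                cur["decaps"] = int(m.group(1))
    return sas

def diagnose(sa):
    # Rule-of-thumb reading of the counters (an assumption, not a definitive verdict).
    enc, dec = sa["encaps"] or 0, sa["decaps"] or 0
    if dec > 0 and enc == 0:
        return "one-way: client packets arrive, no replies encrypted (check return route, NAT0)"
    if enc > 0 and dec == 0:
        return "one-way: ASA sends, nothing decrypted from client (check NAT-T, path filtering)"
    if enc == 0 and dec == 0:
        return "idle: no traffic in either direction"
    return "ok: traffic flows both ways"

if __name__ == "__main__":
    for sa in parse_sas(SAMPLE):
        print(sa["user"], sa["peer"], diagnose(sa))
```
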

Silver

Re: RDP/SSH not working when connected with vpn

You might also verify that you have NAT-traversal configured.

crypto isakmp nat-traversal 20
