I've read a few different posts about similar issues, but most of them do not really recommend any solutions.
Background:
- I have an ASA5505 setup at a data center in front of a few servers.
- I am succesfully making a VPN tunnel to the ASA from my remote location using with the Cisco VPN client
- I also tried the Shrew VPN client and it's working as well.
- I remotely work from a few different locations which use different ISPs (eg Rogers Cable, Bell DSL, Allstream, etc)
- I generally remote desktop from my windows 7 laptop into the windows 2008 servers at the data center and work on the servers.
- We have anywhere from 1 - 3 vpn tunnels going at a time from different people's laptops (1-3 different people are working).
The Problem:
-All laptops are having problems keeping the remote desktop (RDP) session up. RDP drops frequently, and at random times. Sometimes 2 minutes, sometimes 1 hour. etc.
-I ran an extended Ping test from my laptop to the remote server and I am getting about 3-5% packet loss. Not consistent, but I can see every few minutes 5-10 packets are dropped. I'm sure these dropped packets are causing RDP to drop.
- The VPN connection usually stays up (I don't have to login again), and sometimes the RDP session re-connects itself after a couple tries.
- I am also getting copy speeds of about 300-400 KB/s from my laptop to the server over the tunnel. Seems awfully slow for an ASA5505.
Any ideas on how I can trouble shoot this ?
MTU:
- I tried reducing the MTU on the ASA device Outside interface (frmo 1500 to 1300) but it doesn't seem to have any effect.
- I am pretty sure the Cisco VPN client is using an MTU of 1300 because I used the Cisco SetMTU utility.
DUPLEX/SPEED:
- I have the ASA interfaces set to auto/auto.
I generally use ASDM to administer the device, but I go into CLI when I have to.
I've asked an experienced system administrator to help me out but he doesn't have any other ideas. I can engage him if there are some advanced settings I need to change.
Are there any other tests I can do to narrow down where the problem might be?
Is a packet trace with wireshark my only option at this point?
Do you have any thoughts on what specific settings I should be looking at?
Thanks for taking the time to read this and help.