(Unused) VPN Client magically fixes slow RDP over site2site VPN??!?
I recently added a(nother) IPsec site-to-site VPN from my 1841 router to a partner's VPN concentrator and the link works fine, stays up, and the partner is able to access a file share on my server.
But when users from my site try to RDP a server on the other end of the VPN it initially connects, allows them to log in, displays the desktop, and then DRAGS, becoming so slow that the Remote Desktop client disconnects.
After verifying all my VPN settings, firewall rules, and just about everything else I could think about on the router I noticed that it was only desktops at my site experiencing the slow performance. Laptops on the same network segment were able to RDP the partner's server fine without any performance problems.
Wondering what could possibly be different between my desktops and laptops I came upon the Cisco VPN Client.
Turns out that on the desktops experiencing the problem, merely installing the Cisco VPN Client (version 4.something) eliminated the problems.
The weird part is that I didn't have to set up, run, configure, or use the client software at all - just installing it fixed the problem.
I'm racking my brains trying to figure out how/why this software should make any difference when all the VPN work should be happening on the router not the clients, and I have a hard time trying to explain to my bosses that the VPN Client just contains some voodoo magic that fixes stuff silently in the background.
My guesses are that the Deterministic Network Enhancer or the Auto MTU Configuration components of the client are what really fixed the prob, but does anyone else have a clue?
Re: (Unused) VPN Client magically fixes slow RDP over site2site
The RDP issue is more than likely MTU/fragmentation related. The VPN client installation will reduce the MTU of the client's network interface to 1300 bytes. To resolve for the rest of your clients, you can try to include the "ip tcp adjust-mss 1360" command on the router interface facing your clients.
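The arithmetic behind the MTU/fragmentation explanation in the reply above, as an added example that is not part of the original thread: it computes the on-the-wire size of an ESP tunnel-mode packet for a given TCP MSS and checks it against a 1500-byte link MTU. The transform sets and the NAT-T option are assumptions, since the thread does not say which transform set the tunnel uses.

```python
# Added example: ESP tunnel-mode size arithmetic. Transform parameters are
# assumptions (the thread does not say which transform set the tunnel uses).
OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes, encrypted with the payload
TCP_IP_HDRS = 40   # inner IPv4 + TCP headers without options
NAT_T_UDP = 8      # UDP encapsulation header when NAT traversal is active

# name: (cipher block size, IV size, ICV size) in bytes
TRANSFORMS = {
    "esp-aes esp-sha-hmac": (16, 16, 12),
    "esp-3des esp-sha-hmac": (8, 8, 12),
}

def esp_packet_size(inner_len, transform, nat_t=False):
    """Outer IPv4 packet size after ESP tunnel-mode encapsulation."""
    block, iv, icv = TRANSFORMS[transform]
    # Inner packet plus trailer is padded up to a whole cipher block.
    encrypted = -(-(inner_len + ESP_TRAILER) // block) * block
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv + encrypted + icv

def fits(mss, transform, link_mtu=1500, nat_t=False):
    """True if a full-size TCP segment crosses the tunnel unfragmented."""
    return esp_packet_size(mss + TCP_IP_HDRS, transform, nat_t) <= link_mtu

def max_mss(transform, link_mtu=1500, nat_t=False):
    """Largest TCP MSS whose encapsulated packet still fits link_mtu."""
    mss = link_mtu - TCP_IP_HDRS
    while mss > 0 and not fits(mss, transform, link_mtu, nat_t):
        mss -= 1
    return mss

if __name__ == "__main__":
    for name in TRANSFORMS:
        for mss in (1460, 1360, 1260):  # Ethernet default, router clamp, 1300-byte MTU
            size = esp_packet_size(mss + TCP_IP_HDRS, name)
            print(f"{name:22} MSS {mss}: {size} bytes on the wire, fits={size <= 1500}")
        print(f"{name:22} largest safe MSS: {max_mss(name)}")
```

Under these assumptions a default 1460-byte MSS produces an outer packet larger than 1500 bytes, while both the 1360-byte clamp and a 1300-byte client MTU stay under it.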