Remote desktop not working with WAAS

Casey Compton
Level 1

I've got the WAAS set up and I'm seeing OK acceleration between sites, but I have a complete failure of remote desktop. I've had to place a deny statement in my access list on the remote site's router for port 3389 to exclude traffic from the WAAS to even be able to get an RDP connection to work. I've tried to tell the WAAS to just set Remote-Desktop traffic to pass through, but still no luck. Any help would be appreciated.

17 Replies

Zach Seils
Level 7

Is it just RDP traffic you are having problems with, or other types of traffic as well?

Zach

I've only seen issues with RDP traffic.

Do you see any type of error message in the syslog.txt file of the WAAS devices indicating a loop?

Zach

Looking at both WAEs' syslog.txt, I don't see anything indicating any sort of errors.

Ok.  What do you see on the client when RDP traffic is being intercepted?

Zach

If traffic on port 3389 (RDP) is being seen by the WAAS and I initiate a Remote Desktop session to a PC on the other end of the WAAS, the connection will time out. If RDP is being blocked from WAAS, the connection will take a little bit to establish but will work fine.

Can you add RDP (even if just from a test client) back to the redirect list and take simultaneous packet captures on both WAAS devices?

Zach

I'm not sure how I would do a packet capture on the WAAS device?

The syntax on the WAAS device is:

tethereal -f "port 3389" -w .cap

where is the of the local file you want to save the capture in.

Regards,

Zach

I was able to do the capture, thanks for the instructions!

I've attached two capture files from the WAE at my location. The first file, 'noredirect_wi', is with port 3389 traffic going through the WAAS; it looks to me like traffic is reaching the destination but can't get back. The second file, 'redirect_wi', is with traffic for port 3389 bypassing the WAAS and the RDP session working.

*I didn't include the destination side captures because they had no data on port 3389; let me know if you would like me to do a capture on everything for that side.

Thanks,

Casey

Casey,

What are you using for interception at the site where these captures were taken?

Zach

Because Internet access is allowed directly from the remote sites, the ACL below will only redirect traffic destined for private addresses to the 474 located at the remote site.

ip access-list extended WCCP-REDIRECT

     permit tcp 10.0.0.0 0.255.255.255 172.17.0.0 0.0.255.25
     permit tcp 172.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255
     permit tcp 172.16.0.0 0.15.255.255 172.17.0.0 0.0.255.25
     permit tcp 172.17.0.0 0.0.255.255 17.16.0.0 0.15.255.255
     permit tcp 192.168.0.0 0.0.255.255 172.17.0.0 0.0.255.25
     permit tcp 172.17.0.0 0.0.255.255 192.168.0.0 0.0.255.255

By adding this I can force RDP to sort of work:

     deny tcp any any eq 3389
     deny tcp any eq 3389
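
Added example, not part of the original thread: since the redirect ACL is meant to match only private-address traffic, each permit entry can be checked mechanically for a contiguous wildcard mask and an RFC 1918 network. The helper names `check_pair` and `lint` are hypothetical, and the input is the permit entries exactly as they appear in the post above.

```python
import ipaddress

RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Permit entries copied verbatim from the post above.
ACL = """\
permit tcp 10.0.0.0 0.255.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255
permit tcp 172.16.0.0 0.15.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 17.16.0.0 0.15.255.255
permit tcp 192.168.0.0 0.0.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 192.168.0.0 0.0.255.255
"""

def check_pair(addr, wildcard):
    """Return a problem string for one 'address wildcard' pair, or None."""
    a = int(ipaddress.IPv4Address(addr))
    w = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is a run of low-order 1 bits, so w & (w + 1) == 0.
    # Anything else does not describe a single subnet.
    if w & (w + 1):
        return f"{addr} {wildcard}: wildcard mask is not contiguous"
    if a & w:
        return f"{addr} {wildcard}: address has bits set under the wildcard"
    net = ipaddress.IPv4Network((a, 32 - w.bit_length()))
    if not any(net.subnet_of(p) for p in RFC1918):
        return f"{net}: not inside an RFC 1918 private range"
    return None

def lint(acl_text):
    """Return (entry_number, problem) tuples for 'permit <proto> src wc dst wc' entries."""
    findings = []
    for n, line in enumerate(acl_text.strip().splitlines(), start=1):
        tok = line.split()
        if len(tok) != 6 or tok[0] != "permit":
            continue  # other forms (any, eq <port>, deny) are not checked here
        for addr, wc in ((tok[2], tok[3]), (tok[4], tok[5])):
            problem = check_pair(addr, wc)
            if problem:
                findings.append((n, problem))
    return findings

if __name__ == "__main__":
    for n, problem in lint(ACL):
        print(f"entry {n}: {problem}")
```
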

The reason I ask is that I don't see any TCP auto-discovery options in the noredirect capture. Do you have the policy for RDP traffic set to pass-through?

Zach

Yes, I've set the default RDP rules as pass-through.
