06-22-2010 01:25 PM
I've got the WAAS set up and I'm seeing OK acceleration between sites, but I have a complete failure of remote desktop. I've had to place a deny statement in my access list on the remote site's router for port 3389 to exclude traffic from the WAAS to even be able to get an RDP connection to work. I've tried to tell the WAAS to just set Remote-Desktop traffic to pass through, but still no luck. Any help would be appreciated.
06-22-2010 01:28 PM
Is it just RDP traffic you are having problems with, or other types of traffic as well?
Zach
06-22-2010 01:29 PM
I've only seen issues with RDP traffic.
06-22-2010 01:33 PM
Do you see any type of error message in the syslog.txt file of the WAAS devices indicating a loop?
Zach
06-22-2010 02:02 PM
Looking at both WAEs' syslog.txt, I don't see anything indicating any sort of errors.
06-22-2010 02:03 PM
Ok. What do you see on the client when RDP traffic is being intercepted?
Zach
06-22-2010 02:10 PM
If traffic on port 3389 (RDP) is being seen by the WAAS and I initiate a Remote Desktop session to a PC on the other end of the WAAS, the connection will time out. If RDP is being blocked from WAAS, the connection will take a little bit to establish but will work fine.
06-22-2010 02:13 PM
Can you add RDP (even if just from a test client) back to the redirect list and take simultaneous packet captures on both WAAS devices?
Zach
06-22-2010 02:41 PM
I'm not sure how I would do a packet capture on the WAAS device?
06-23-2010 05:39 AM
The syntax on the WAAS device is:
tethereal -f "port 3389" -w
where
Regards,
Zach
06-23-2010 06:59 AM
I was able to do the capture, thanks for the instructions!
I've attached two capture files from the WAE at my location. The first file 'noredirect_wi' is with port 3389 traffic going through the WAAS; it looks to me like traffic is reaching the destination but can't get back. The second file 'redirect_wi' is with traffic for port 3389 bypassing the WAAS and the RDP session working.
*I didn't include the destination side captures because they had no data on port 3389. Let me know if you would like me to do a capture on everything for that side.
Thanks,
Casey
06-24-2010 11:45 AM
Casey,
What are you using for interception at the site where these captures were taken?
Zach
06-24-2010 01:02 PM
Because Internet access is allowed directly from the remote sites, the ACL below will only redirect traffic destined for private addresses to the 474 located at the remote site.
ip access-list extended WCCP-REDIRECT
permit tcp 10.0.0.0 0.255.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255
permit tcp 172.16.0.0 0.15.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 17.16.0.0 0.15.255.255
permit tcp 192.168.0.0 0.0.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 192.168.0.0 0.0.255.255
By adding this I can force RDP to sort of work:
deny tcp any any eq 3389
deny tcp any eq 3389
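Added example, not part of any post in this thread: a Python check of the six permit lines exactly as they appear in the post above, on the assumption that every redirected direction should have a mirrored reverse entry and that wildcard masks should be contiguous. It audits the pasted text only; whether the router's running configuration matches the paste is not known from the thread. The names `PASTED_ACL`, `contiguous`, `parse` and `audit` are this example's own.

```python
import ipaddress

# The six permit lines exactly as pasted in the post above (text only).
PASTED_ACL = """\
permit tcp 10.0.0.0 0.255.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 10.0.0.0 0.255.255.255
permit tcp 172.16.0.0 0.15.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 17.16.0.0 0.15.255.255
permit tcp 192.168.0.0 0.0.255.255 172.17.0.0 0.0.255.25
permit tcp 172.17.0.0 0.0.255.255 192.168.0.0 0.0.255.255
"""

def contiguous(wildcard):
    """True when the wildcard is a run of low-order 1 bits (e.g. 0.0.255.255)."""
    w = int(ipaddress.IPv4Address(wildcard))
    return (w & (w + 1)) == 0

def parse(acl_text):
    """Yield (action, src, src_wc, dst, dst_wc) for 'permit|deny tcp a w a w' lines."""
    for line in acl_text.splitlines():
        f = line.split()
        if len(f) != 6 or f[0] not in ("permit", "deny") or f[1] != "tcp":
            continue
        try:
            for addr in f[2:]:
                ipaddress.IPv4Address(addr)
        except ValueError:
            continue  # forms such as 'any' or 'eq 3389' are out of scope here
        yield (f[0], f[2], f[3], f[4], f[5])

def audit(acl_text):
    """Return (entry number, finding) pairs for the parsed entries."""
    entries = list(parse(acl_text))
    permits = {e[1:] for e in entries if e[0] == "permit"}
    findings = []
    for n, (action, src, swc, dst, dwc) in enumerate(entries, 1):
        for wc in (swc, dwc):
            if not contiguous(wc):
                findings.append((n, f"non-contiguous wildcard {wc}"))
        if action == "permit" and (dst, dwc, src, swc) not in permits:
            findings.append((n, f"no reverse entry for {src} {swc} -> {dst} {dwc}"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(PASTED_ACL):
        print(f"entry {n}: {msg}")
```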
06-25-2010 10:01 AM
The reason I ask is that I don't see any TCP auto-discovery options in the noredirect capture. Do you have the policy for RDP traffic set to pass-through?
Zach
06-29-2010 08:54 AM
Yes, I've set the default RDP rules as pass through.