remote desktop through ASA5510

gdspa
Level 1

Hi all, I have a problem connecting to a PC behind an ASA 5510, either with remote desktop or with VNC. When I try, the connection disconnects frequently, sometimes after a few seconds, sometimes after 2 minutes. I've checked the log of the ASA and I think it is the cause of these difficulties. Rules are OK, my PC can access with all IP protocols.

7 Replies

fropert
Level 1

Hello,

Do you have a Linux or BSD gateway on the path between you and the remote PC?

It could be the source of the problem with RSTs on your remote desktop/VNC connections.

Thank you for your answer.

No, I have Windows XP on both PCs. I didn't write that I pass through a FWSM and the ASA 5510; if I consider the FWSM, my PC is on an interface more secure than the interface where the ASA is. I tried to connect to a PC which was behind the FWSM and I didn't have any problem. This is the reason why I think the problem is caused by the ASA.

gdspa,

You can take captures directly on the ASA interfaces to review the communication between your RDC client and server.

When you say that the PC disconnects after a certain amount of time, you should be clear, at that point, that your issue is not related to ACLs, NAT, or anything else hard-configured on the device.

So what's left? You have connection timeouts, which, while not dynamic, are variable. Then you have inspects, of which we have none for RDP.

What should you gather? Captures on the ASA interfaces related to the client and server, plus syslogs surrounding the entire communication.

Here is the section of the command reference pertaining to the capture command:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c1.html#wp2090739

You can pull these captures off by copying them as you would copy any other file - with one addition, the /pcap argument.

Assuming you have a capture named in_cap:

copy /pcap capture:in_cap tftp:

or via HTTPS as follows:

https:///capture/in_cap/pcap

Thanks,

-=Blayne

I exclude that timeouts could be the reason: I don't always have the same behaviour; sometimes I can't connect at all, other times I connect for 10 seconds or for a couple of minutes. I read that other people had some problems using rdesktop through the ASA. Don't you think it could be a bug in the firewall?

A bug is always possible, and it is also always the last resort. Before we can make any logical conclusions about why something is happening, we need to gather data to know exactly what is happening. Captures and syslogs are the tools that can help us to answer the "what" first, and then the "why."

In the log of ASA I find this line when the connection stops:

6 Jan 04 2008 13:16:01 302014 PC-B PC-A Teardown TCP connection 1554559 for ospiti:PC-B/3390 to inside:PC-A/2921 duration 0:00:27 bytes 490314 TCP Reset-I

I read that TCP Reset-I means that one of the 2 pcs sent a packet which caused the disconnection.

Is it right?

It means that a Reset was seen on the higher security interface (I=inside) for this connection.
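
Added example, not part of the original thread or any poster's code: a small Python parser for the 302014 teardown lines discussed above, which groups connection lifetimes by teardown reason so that resets can be told apart from idle timeouts or normal closes. Only the first sample line is quoted from the thread; the other log lines are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Matches the ASDM-style 302014 line quoted in the thread and the
# "%ASA-6-302014: Teardown ..." syslog form.
TEARDOWN = re.compile(
    r"302014\b.*?Teardown TCP connection (?P<conn_id>\d+) "
    r"for (?P<src_if>[^:\s]+):(?P<src_host>[^/\s]+)/(?P<src_port>\d+) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst_host>[^/\s]+)/(?P<dst_port>\d+) "
    r"duration (?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) "
    r"bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)

def parse_teardown(line):
    """Return a dict for a 302014 teardown line, or None for anything else."""
    m = TEARDOWN.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["seconds"] = (int(rec.pop("h")) * 3600 + int(rec.pop("m")) * 60
                      + int(rec.pop("s")))
    for key in ("conn_id", "src_port", "dst_port", "bytes"):
        rec[key] = int(rec[key])
    rec["reason"] = rec["reason"].strip() or "(none logged)"
    return rec

def durations_by_reason(lines, port):
    """Group connection lifetimes (seconds) by teardown reason for one port."""
    grouped = defaultdict(list)
    for line in lines:
        rec = parse_teardown(line)
        if rec and port in (rec["src_port"], rec["dst_port"]):
            grouped[rec["reason"]].append(rec["seconds"])
    return dict(grouped)

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = [
    "6 Jan 04 2008 13:16:01 302014 PC-B PC-A Teardown TCP connection 1554559 for ospiti:PC-B/3390 to inside:PC-A/2921 duration 0:00:27 bytes 490314 TCP Reset-I",
    "6 Jan 04 2008 13:20:44 302014 PC-B PC-A Teardown TCP connection 1554702 for ospiti:PC-B/3390 to inside:PC-A/2933 duration 0:01:58 bytes 2210457 TCP Reset-I",
    "6 Jan 04 2008 13:25:10 302014 PC-B PC-A Teardown TCP connection 1554811 for ospiti:PC-B/3390 to inside:PC-A/2940 duration 1:00:00 bytes 1024 Conn-timeout",
    "6 Jan 04 2008 13:26:02 302014 PC-B PC-A Teardown TCP connection 1554830 for ospiti:PC-B/3390 to inside:PC-A/2951 duration 0:00:05 bytes 3120 TCP FINs",
    "6 Jan 04 2008 13:15:34 302013 PC-A PC-B Built outbound TCP connection 1554559 for ospiti:PC-B/3390 (PC-B/3390) to inside:PC-A/2921 (PC-A/2921)",
]

if __name__ == "__main__":
    for reason, secs in durations_by_reason(SAMPLE_LOG, 3390).items():
        print(f"{reason:14} count={len(secs)} lifetimes={secs}")
```

Short, irregular lifetimes that all end in `TCP Reset-I` point at a reset seen on the inside interface rather than at a connection timeout on the firewall, which is the distinction the captures are meant to confirm.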
