05-06-2015 09:35 AM - edited 03-11-2019 10:53 PM
Hi,
I have an issue with Microsoft RDPv8 on Windows 7 Embedded Clients when UDP is enabled in that the UDP RDP (UDP3389) packets are often sent with IP Option 8 enabled. I have no idea why this is but with the ASA dropping these packets the RDP session will regularly drop out for 10-20 seconds and then reconnect with a new session.
So far the only work around is to block UDP3389 on the firewall so even though UDP is enabled on the client only TCP is negotiated and the dropouts are prevented. The problem is UDP in RDPv8 provides a better experience and so far I haven't been able to resolve this in the RDP client.
So is there a way to cofnigured the ASA to allow IP Option 8 specifically? I see other IP Option types can be allowed through an ip-option map but not this one. Any help would be appreciated.
Thanks
Solved! Go to Solution.
05-07-2015 07:43 AM
Hi,
I don't think this IP Option 8 is supported through the ASA device.
Refer:-
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/configuration/firewall/asa-firewall-cli/inspect-basic.html#pgfId-2489321
Thanks and Regards,
Vibhor Amrodia
05-07-2015 07:43 AM
Hi,
I don't think this IP Option 8 is supported through the ASA device.
Refer:-
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/configuration/firewall/asa-firewall-cli/inspect-basic.html#pgfId-2489321
Thanks and Regards,
Vibhor Amrodia
05-07-2015 07:52 AM
Thanks Vibhor,
why is there this limitation? I understand why in the vast majority of cases packets with options set will need to be blocked but why can't the device be configured to allow this when required. I would have hoped an ip-option map could be configured to allow these packets but only from specific source addresses. Other firewall vendors support configuring the firewall to permit these packets.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide