01-21-2007 11:57 AM - edited 02-21-2020 01:22 AM
Help! I have 2 877 routers connected using site to site vpn over adsl links. Everything seems to work fine (ping/telnet etc) except remote desktop will not establish a connection back to the main site and the 2003 Terminal server. There are no firewall issues etc and hopefully a clue for everyone is I can get 2 laptops to connect with rdp from the remote site but only if they have the cisco vpn client installed on them (other machine without vpn client doesn't connect).....something linked with DNE? MTU or MSS but do I have to make changes to both routers or only one?
Also HP 3800n printer at remote site will not work but I can ping it on the network and I can even http to the maintenance page it has and yes I can telnet to it on port 9100.
Thanks for your help - AG
01-21-2007 11:46 PM
It really looks like an MTU issue. If you can ping but can't RDP, it's because your traffic is larger than the MTU size permitted over the VPN...
On inside interfaces of both routers (LAN interface) enter:
ip tcp adjust-mss 1300
M.
Hope that helps, rate if it does.
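Added example, not part of the thread: the ESP tunnel-mode size arithmetic behind the `ip tcp adjust-mss 1300` suggestion, showing why small pings pass while full-size TCP segments do not. The 1492-byte link MTU (PPPoE on the ADSL side), the two transforms, and the absence of NAT-T are assumptions; the thread does not state them.

```python
# Added example: how large an ESP tunnel-mode packet becomes for a given TCP MSS.
# Assumptions (not stated in the thread): IPv4, no NAT-T, link MTU 1492,
# and the cipher/integrity parameters listed below.
from dataclasses import dataclass

IPV4_HDR = 20     # bytes, no IP options
TCP_HDR = 20      # bytes, no TCP options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length + next-header fields

@dataclass(frozen=True)
class Transform:
    name: str
    block: int    # cipher block size (padding alignment)
    iv: int       # per-packet IV length
    icv: int      # truncated integrity check value

AES_SHA1 = Transform("AES-CBC + HMAC-SHA1-96", block=16, iv=16, icv=12)
TDES_SHA1 = Transform("3DES-CBC + HMAC-SHA1-96", block=8, iv=8, icv=12)

def esp_size(inner_len: int, t: Transform) -> int:
    """On-the-wire size of an inner IP packet after ESP tunnel encapsulation."""
    # Inner packet plus trailer is padded up to a multiple of the block size.
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block
    return IPV4_HDR + ESP_HDR + t.iv + padded + t.icv

def max_mss(link_mtu: int, t: Transform) -> int:
    """Largest TCP MSS whose encrypted packet still fits in link_mtu."""
    room = link_mtu - IPV4_HDR - ESP_HDR - t.iv - t.icv
    inner = (room // t.block) * t.block - ESP_TRAILER
    return inner - IPV4_HDR - TCP_HDR

def fits(mss: int, link_mtu: int, t: Transform) -> bool:
    """True if a full-size segment with this MSS needs no fragmentation."""
    return esp_size(mss + IPV4_HDR + TCP_HDR, t) <= link_mtu

if __name__ == "__main__":
    LINK_MTU = 1492  # assumed PPPoE ADSL link
    for t in (AES_SHA1, TDES_SHA1):
        print(f"{t.name}: max MSS {max_mss(LINK_MTU, t)}")
        for mss in (1460, 1300):
            size = esp_size(mss + IPV4_HDR + TCP_HDR, t)
            verdict = "fits" if fits(mss, LINK_MTU, t) else "too big"
            print(f"  MSS {mss} -> ESP packet {size} bytes ({verdict})")
```

Under these assumptions an unclamped 1460-byte MSS produces a 1560-byte encrypted packet, while 1300 produces 1400 bytes and leaves headroom for extra encapsulation such as NAT-T.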
01-22-2007 04:43 AM
Arrgh!! Thanks for the help - I did think that was the problem but now I've changed the mss to 1300 on both routers, the rdp has stopped working completely (with and without the vpn client installed). Printer does seem to work now though!!
Testing tunnel still comes back with add "crypto ipsec df-bit clear" to vpn interface but I have added this to both routers.......
01-22-2007 05:45 AM
Sorry, ignore last message. RDP was blocked by a rogue NAT rule set up ages ago. Strange the df-bit message still appears but connections are working.
Thanks for help - adjust-mss fixed the problem - AG