11-27-2002 06:46 AM - edited 02-20-2020 10:24 PM
Hi,
Having trouble with this one so I wonder if anyone can help please?
VPN establishes from client 3.5.1 to PIX no prob. Can establish mapped drives, browse network etc.
The PIX has an ACL allowing port 3389, the MS default port, to the server. Now, this works OK if you dial an ISP then connect using the Connection Manager, login as normal etc. but will not play using a VPN!
Any ideas please?
Cheers
Ali
12-03-2002 12:05 PM
Based on the information here, I can only guess that your problem might have to do with routing. The first thing you need to check is which interface you are terminating your tunnel on. You need to verify that the PIX is forwarding traffic to the interface where the crypto map exists. You need to ensure that you have specified a route to the remote network with the appropriate next hop.
12-05-2002 02:20 AM
Hi Bill,
The VPN is terminating correctly on the outside interface.
When you say "You need to ensure that you have specified a route to the remote network with the appropriate next hop." do you mean a route inside?
The WTS server is on the same LAN as the inside interface.
Ali
12-07-2002 12:24 AM
Hi Ali,
1. Using the same host that is having problems when connecting through the VPN, use the statically translated Public ip address and make sure that Terminal Services is working fine for this host. This is just to make sure that you are having issues only through VPN.
2. Now make an IPSec connection using the VPN Client and try pinging the Terminal Server and if that works fine then we know that there is IP Connectivity and your routing is looking good.
Now from the same host and through the IPSec connection, send ping packets with different packet size and see where the pings start failing.
And if possible, try to lower the MTU size on the host and then give it a shot.
Regards,
Arul
12-09-2002 07:57 AM
Arul,
1. The statically translated address works fine when used with normal dial access to an ISP
2. Using the VPN client I can ping the public IP address and the statically assigned
3. Pinging the Terminal Server with 992 bytes is no prob but it fails on 993 bytes
A colleague reckons that to change the MTU on the client involves using the command line and that in turn will change the MTU setting in the registry. Is that correct or am I off down the wrong road?
Ali
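The packet-size sweep suggested above, and the 992/993-byte boundary it turned up, automated as a binary search. This is an added example, not code from anyone in the thread; the function names are made up here, and the 28-byte overhead assumes IPv4 without options.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28   # 20-byte IPv4 header (no options) + 8-byte ICMP echo header
ETHERNET_MAX = 1472     # largest payload that fits a 1500-byte MTU


def ping_probe(host, timeout=5):
    """Return probe(size): send one echo with DF set, True if a reply came back."""
    if platform.system() == "Windows":
        base = ["ping", "-n", "1", "-f", "-l"]         # -f: don't fragment
    else:
        base = ["ping", "-c", "1", "-M", "do", "-s"]   # Linux iputils: -M do sets DF

    def probe(size):
        try:
            out = subprocess.run(base + [str(size), host], capture_output=True,
                                 text=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return False
        # Windows ping can exit 0 on an ICMP error, so look for a reply line.
        return "ttl=" in out.stdout.lower()
    return probe


def simulated_link(limit):
    """Constructed stand-in for a path that drops payloads above `limit`."""
    return lambda size: size <= limit


def find_max_payload(probe, lo=0, hi=ETHERNET_MAX):
    """Largest payload in [lo, hi] that gets a reply, or None if `lo` fails."""
    if not probe(lo):
        return None                      # no connectivity at all: a routing issue
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if probe(mid) else (lo, mid - 1)
    return lo


def packet_size(payload):
    """On-the-wire IPv4 packet size for a given echo payload."""
    return payload + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    # With a host argument, probe it; otherwise use the constructed 992-byte link.
    probe = ping_probe(sys.argv[1]) if len(sys.argv) > 1 else simulated_link(992)
    best = find_max_payload(probe)
    print("no reply" if best is None else
          f"max payload {best} bytes = {packet_size(best)}-byte IP packet")
```

A client MTU set at or below the reported packet size keeps traffic under the point where the sweep starts failing.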
12-09-2002 11:40 AM
Hi Ali,
You can use software called DrTCP to adjust the MTU.
Regards,
Arul
12-11-2002 02:14 AM
Arul,
I've tried that but DrTCP doesn't seem to pick up the Modem Interface on my Xircom PC card for some reason. Tried reboots, start/stop service etc but to no avail.
Any other ideas please?
Ali
01-15-2003 01:23 AM
FYI,
Using VPN Client 3.6.3, Set MTU to 576 and away you go! As long as the inbound ACL has 3389 allowed of course.
By the way, in case you're wondering, NO I have not spent all this time figuring this out :)
Ali