ASA 5505 VPN remote desktop connection slow

jrmdynamac · ‎05-24-2011

Hi all.

I have a question on a VPN connection. I have a remote access VPN setup on an ASA 5505 to be able to remote into a location and check the HVAC program running on a PC. The remote connection connects fine, but when I use remote desktop to connect to the PC, it connects quick, but the screen redraw and reaction time is extremely slow. EG: I click on the program and it takes about 20 seconds to draw the screen, or I click on a menu bar and get the same times for reactions.

Could this be a ISP Up/Download issue or is there something that I need to look at on the ASA to change?

If I connect to the remote and do a PING from my desktop to the remote Desktop, these are the results that I get:

Reply from 192.168.XX.XX: bytes=32 time=96ms TTL=128

Reply from 192.168.XX.XX: bytes=32 time=132ms TTL=128

Reply from 192.168.XX.XX: bytes=32 time=90ms TTL=128

Reply from 192.168.XX.XX: bytes=32 time=93ms TTL=128

Packets: Sent=4, Recieved=4, Lost=0

Approximate Round Trip time in milli-seconds:

Minimum = 90ms, Maximum = 132ms, Average = 102ms

Thanks

--Jon

Yudong Wu · ‎05-24-2011

can you use wireshark to capture packet of RDP session on PC? and capture the packet on ASA outside interface.

This could tell us if the slowness was caused by packet drop, fragmentation, or something else.

jrmdynamac · ‎05-24-2011

I have never used WireShark before, so hope I got what you are asking for.

CR wireshark is the remote site on the inside interface.

WC wireshark is my workstation on the Cisco Interface

I ran the program both at the same time while remoted in and opened the app that I have issues with. In downloading the wireshark program fromthe remote, I did notice that the system does speed up till heavy graphics come into play. Don't know if that helps any or not.

-Jon

Yudong Wu · ‎05-25-2011

HI Jon,

Where did you do the capture for "WC wireshark is my workstation on the Cisco Interface"? I saw a Sonicwall device is at RDP server side based on source MAC.

Could you bypass it to see if you still see the issue?

If yes, could you please do the following capture again?

1. connnect vpn client to ASA

2. on vpn client start the capture by using Wireshark (you can filter the capture by IP)

3. on RDP server, start the capture by using Wireshark (you can filter the capture by IP)

4. On ASA, you can enable the capture on the inside interface as following

access-list cap permit ip host host

capture in access-list cap interface inside packet-length 100

5. Then initiate RDP from vpn client to server

6. collect the packet capture file from client and server

7. upload the packet capture file from ASA to your ftp or tftp server by the following command and then download it.

copy /pcap capture:in

If http server is enabled on ASA, you can download it directly from it by

https:///capture/http/pcap

adam4it10 · ‎06-27-2011

If you are having issues with screen redraws and response time, you might want to look at Ericom Blaze,

a software product that accelerates AND compresses standard Microsoft RDP, so it speeds RDP while conserving bandwidth. Blaze accelerates RDP performance by as much as 10-25 times, and helps deliver higher frame rates and reduce screen freezes and choppiness.

You can read more about Blaze and download a free evaluation at:

http://www.ericom.com/EricomBlaze