IPsec Remote Site VPN / RDP dropping
10-06-2014 02:28 PM - edited 02-21-2020 07:51 PM
I'm having issues with users intermittently dropping RDP sessions when connecting through IPsec remote VPN. The Windows RDP session seems to drop and re-connect. I'd like to think it's not an issue on the firewall (ASA5540) because I don't see users dropping their active IPsec connection.
Assuming that's the case, I don't know where to look beyond the firewall. We aren't doing anything through GPO for RDP.
Through research some suggest MTU size may be the issue. My inside/outside interfaces are both set for 1500 and I'm not sure I want to change that.
Does anyone out there happen to have any other suggestions on where to begin troubleshooting?
Thanks!
Labels: IPSEC
10-06-2014 10:19 PM
Hey Eric-Owens,
Please let us know the firewall version.
How frequently is this issue occurring?
Please try to do a continuous ping when you see the RDP session reconnecting.
Is there any other rule/access list for the mentioned RDP IP address?
Pothen
10-07-2014 07:49 AM
The firewall is an ASA5540 running 8.0(3).
It happens periodically, and not every day.
There is just one access list set for each remote VPN user. The access list allows the user from any source to only the specific destination IP.
Yesterday when users were complaining about dropping RDP sessions I tested it for myself from an outside connection. I did see the issue with RDP disconnecting and reconnecting. I did a continuous ping to the destination and saw some latency (10 - 20ms response) but nothing too spectacular and never a time out.
10-07-2014 09:44 PM
Hi,
If it is not timing out during a continuous ping, then we will need to check other aspects.
The latency that you mentioned looks OK, which is between 10s and 20s.
Did you try to ping the remote machine with its hostname or its IP address?
When this issue occurs next time, try a trace route to the RDP machine and see where exactly you see the latency or drop happening.
10-08-2014 12:49 AM
In the Event Viewer of the Windows server, do you see any warnings/errors? In the options of your mstsc.exe, do you use the Gateway? Do you use a certificate on your Windows server for terminal services?
10-08-2014 07:42 AM
Well, the device users are using RDP to is just a workstation (Windows 7 PC). I'd mentioned that I tested it out myself to my PC. I looked through the Event Viewer and I didn't see any warnings or errors; the best I saw was informational entries for the connection made and connection terminated.
Currently all connection settings in MSTSC are default including Automatically detect RD Gateway server settings.
10-08-2014 08:12 AM
Can you install Wireshark on Windows 7? Then you can run Wireshark and verify when the RDP connection stops.
10-08-2014 08:22 AM
That's the plan. I've got it downloaded and ready to capture. This has been a sporadic issue; it's hard to nail down the issue until users start complaining.
10-08-2014 11:35 PM
In your ASA, have you enabled the log with facility information? If yes, you must check if the RDP connection stops with the TCP-RST flag.
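One way to run the check suggested in the reply above over ASA syslog output, added here as an illustration and not posted by anyone in the thread. It assumes the standard %ASA-6-302014 TCP teardown message is being logged; the sample lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the ASA 302014 (TCP teardown) syslog format.
# Addresses are documentation/private ranges, not values from the thread.
SAMPLE_LOG = """\
Oct 07 2014 09:14:02: %ASA-6-302014: Teardown TCP connection 48211 for outside:192.0.2.10/51544 to inside:10.1.1.20/3389 duration 0:12:41 bytes 1839204 TCP Reset-I
Oct 07 2014 09:14:09: %ASA-6-302014: Teardown TCP connection 48230 for outside:192.0.2.10/51560 to inside:10.1.1.20/3389 duration 0:00:05 bytes 20412 TCP Reset-O
Oct 07 2014 09:20:30: %ASA-6-302014: Teardown TCP connection 48302 for outside:198.51.100.7/49822 to inside:10.1.1.21/3389 duration 1:02:10 bytes 9021133 TCP FINs
Oct 07 2014 09:31:55: %ASA-6-302014: Teardown TCP connection 48377 for outside:192.0.2.10/51602 to inside:10.1.1.20/3389 duration 0:17:20 bytes 2210450 Conn-timeout
Oct 07 2014 09:32:01: %ASA-6-302014: Teardown TCP connection 48390 for outside:192.0.2.10/51610 to inside:10.1.1.25/443 duration 0:00:02 bytes 812 TCP Reset-I
"""

TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"[^:\s]+:(?P<ip1>[^/\s]+)/(?P<port1>\d+) to "
    r"[^:\s]+:(?P<ip2>[^/\s]+)/(?P<port2>\d+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes \d+"
    r"(?: (?P<reason>[^(]+?))?(?: \(.*\))?\s*$"  # optional reason, optional (user)
)

def rdp_teardowns(log_text, rdp_port=3389):
    """Yield (client_ip, server_ip, duration_seconds, reason) per RDP teardown."""
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if not m:
            continue
        ends = [(m["ip1"], int(m["port1"])), (m["ip2"], int(m["port2"]))]
        server = next((e for e in ends if e[1] == rdp_port), None)
        if server is None:
            continue  # teardown of some other service, not RDP
        client = ends[1] if server is ends[0] else ends[0]
        h, mi, s = map(int, m["dur"].split(":"))
        yield client[0], server[0], h * 3600 + mi * 60 + s, (m["reason"] or "unknown").strip()

def summarize(log_text):
    """Teardown reasons counted per client, to separate resets from idle timeouts and FINs."""
    per_client = defaultdict(Counter)
    for client, _server, _secs, reason in rdp_teardowns(log_text):
        per_client[client][reason] += 1
    return {c: dict(r) for c, r in per_client.items()}

def reset_count(log_text):
    """RDP sessions ended by a reset (Reset-I: from inside, Reset-O: from outside)."""
    return sum(1 for *_, reason in rdp_teardowns(log_text) if reason.startswith("TCP Reset"))

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG), "resets:", reset_count(SAMPLE_LOG))
```

A long-lived session ending in a reset followed seconds later by a short one from the same client matches the drop-and-reconnect pattern described in the first post.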
10-08-2014 07:32 AM
I was pinging to the remote end via IP and not hostname.
I'll have to try a trace route next time and see if I notice an increase in latency. The next hop inside is a 3750 stack that I've noticed is running a higher than normal CPU when these complaints come in so I'm wondering if that isn't the root of the problem.
