02-01-2012 08:11 AM - edited 02-21-2020 05:51 PM
I have an issue that I believe IS NOT ASA or AnyConnect related, but I need to ask the support comm. just the same.
ASA5510 8.2(5) OS; AnyConn Windows 2.5.2017
RDP PC client - Win7 Pro 64-bit
I can make the VPN conn to the ASA
I can ping any pingable IP on the protected net
I can RDP to a W2k8 64-bit server (domain-controller)
I cannot RDP to a W2k3 server (WTS) - I don't even get the Microsoft domain login screen - just times out.
I am connecting to both by IP address to preclude DNS issues.
From a 32-bit OS PC I can RDP to either.
Suggestions?
Thx,
Phil
02-01-2012 12:49 PM
Found MTU=1436 on outside
Changed to default 1500 and problem resolved.
02-01-2012 02:24 PM
Phil
Thanks for posting back to the forum that the problem turned out to be MTU. I read your description of the problem and it certainly did not look to me like a problem with MTU. But one of the nice things about the forum is being reminded of the variety of things that can cause problems.
HTH
Rick
02-01-2012 02:28 PM
Yes, but now need to understand why RDP to W2k3 fails and W2k8 succeeds. Both on same cat 3560 switch and ports/NICs are auto/auto and no errors on switchports. ASA inside is conn to 3560 too and error free.
02-01-2012 02:43 PM
Phil
Yes, that is an interesting question. For this perhaps a packet capture and Wireshark might be helpful.
My guess is that there is some difference in how (or whether) they negotiate max segment size.
HTH
Rick
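The MSS comparison suggested above can be scripted once the TCP SYN headers have been exported from a capture. This is an added example, not part of the original thread: it reads the MSS option from a TCP header and checks whether a full-size segment fits the MTU values mentioned in the thread (1436 and 1500). The sample headers, ports and MSS values are constructed for illustration, and VPN encapsulation overhead is not modeled.

```python
import struct

IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options
DEFAULT_MSS = 536      # RFC 1122 default when a peer sends no MSS option

def build_syn(mss=None):
    """Build a sample TCP SYN header (constructed test data, not a real capture)."""
    options = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    data_offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 3389, 1000, 0,
                       data_offset << 4, 0x02, 8192, 0, 0) + options

def parse_mss(tcp_header):
    """Return the MSS advertised in the TCP options, or None if absent."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    header_len = (tcp_header[12] >> 4) * 4
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    opts = tcp_header[20:header_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def fits_mtu(mss, mtu):
    """True if a full-size segment plus IPv4/TCP headers fits in mtu unfragmented."""
    effective = DEFAULT_MSS if mss is None else mss
    return effective + IP_TCP_OVERHEAD <= mtu

if __name__ == "__main__":
    for label, hdr in (("MSS 1460", build_syn(1460)), ("no MSS", build_syn())):
        mss = parse_mss(hdr)
        print(label, mss, fits_mtu(mss, 1436), fits_mtu(mss, 1500))
```

Running it against the SYN and SYN-ACK from each server shows whether the two hosts advertise different segment sizes on the same path.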