Assistance in troubleshooting CBAC for remote desktop access to office network

Discussion in 'Cisco' started by brickwalls19, Oct 4, 2006.

  1. brickwalls19

    brickwalls19 Guest

    My home router is a Cisco 2600 running 12.2(34) firewall feature set.
    Accessing the internet with the running CBAC works. I can successfully
    VPN to my company network. My issue is when trying to remote desktop to
    a server and my office computer.

    - I know that I successfully established a TCP handshake with the
    server because I did a traffic capture and saw the SYN/SYN-ACK/ACK. The
    furthest I get is seeing the blue desktop screen on my Remote Desktop
    window and then the "network error" message. I don't even get to see
    the Windows Logon screen.
    - My ZoneAlarm log shows that it allowed the 3389 connection to the
    server. I even shut down ZoneAlarm and tried again. No change.
    - I figure it's something to do with my home router config because I
    plugged my laptop directly to my cable modem and I'm able to VPN and
    remote desktop to my server and office computer.

    Just need some help/suggestions in finding out why it's not working.
    Thanks.

    my partial router configuration:
    ip inspect max-incomplete high 1100
    ip inspect one-minute high 1100
    ip inspect name CBAC tcp
    ip inspect name CBAC udp
    ip audit notify log
    ip audit po max-events 100
    !
    interface FastEthernet0/0
    description ---- connect to Internet ----
    ip address dhcp
    ip access-group CBAC in
    no ip proxy-arp
    ip nat outside
    ip inspect CBAC out
    duplex auto
    speed auto
    no cdp enable
    !
    ip access-list extended CBAC
    permit udp any eq bootps any eq bootpc
    permit gre any any
    permit icmp any any echo-reply
    permit icmp any any traceroute
    deny ip any any log
    brickwalls19, Oct 4, 2006
    #1

  2. Is the RDP server connected at the remote end of the VPN?

    Check the MTU and MSS size.


    "brickwalls19" <> wrote in message
    news:...
    > My home router is a Cisco 2600 running 12.2(34) firewall feature set.
    > Accessing the internet with the running CBAC works. I can successfully
    > VPN to my company network. My issue is when trying to remote desktop to
    > a server and my office computer.
    >
    > - I know that I successfully established a TCP handshake with the
    > server because I did a traffic capture and saw the SYN/SYN-ACK/ACK. The
    > furthest I get is seeing the blue desktop screen on my Remote Desktop
    > window and then the "network error" message. I don't even get to see
    > the Windows Logon screen.
    > - My ZoneAlarm log shows that it allowed the 3389 connection to the
    > server. I even shut down ZoneAlarm and tried again. No change.
    > - I figure it's something to do with my home router config because I
    > plugged my laptop directly to my cable modem and I'm able to VPN and
    > remote desktop to my server and office computer.
    >
    > Just need some help/suggestions in finding out why it's not working.
    > Thanks.
    >
    > my partial router configuration:
    > ip inspect max-incomplete high 1100
    > ip inspect one-minute high 1100
    > ip inspect name CBAC tcp
    > ip inspect name CBAC udp
    > ip audit notify log
    > ip audit po max-events 100
    > !
    > interface FastEthernet0/0
    > description ---- connect to Internet ----
    > ip address dhcp
    > ip access-group CBAC in
    > no ip proxy-arp
    > ip nat outside
    > ip inspect CBAC out
    > duplex auto
    > speed auto
    > no cdp enable
    > !
    > ip access-list extended CBAC
    > permit udp any eq bootps any eq bootpc
    > permit gre any any
    > permit icmp any any echo-reply
    > permit icmp any any traceroute
    > deny ip any any log
    >
    www.ipnetworks.it, Oct 4, 2006
    #2

  3. brickwalls19

    brickwalls19 Guest

    Check the MTU and MSS on which end of the link? My laptop, my router,
    the server, or all? Am I looking for the values to be the same? I'll
    check and respond back with the values.

    www.ipnetworks.it wrote:
    > Is the RDP server connected at the remote end of the VPN?
    >
    > Check the MTU and MSS size.
    >
    >
    > "brickwalls19" <> wrote in message
    > news:...
    > > My home router is a Cisco 2600 running 12.2(34) firewall feature set.
    > > Accessing the internet with the running CBAC works. I can successfully
    > > VPN to my company network. My issue is when trying to remote desktop to
    > > a server and my office computer.
    > >
    > > - I know that I successfully established a TCP handshake with the
    > > server because I did a traffic capture and saw the SYN/SYN-ACK/ACK. The
    > > furthest I get is seeing the blue desktop screen on my Remote Desktop
    > > window and then the "network error" message. I don't even get to see
    > > the Windows Logon screen.
    > > - My ZoneAlarm log shows that it allowed the 3389 connection to the
    > > server. I even shut down ZoneAlarm and tried again. No change.
    > > - I figure it's something to do with my home router config because I
    > > plugged my laptop directly to my cable modem and I'm able to VPN and
    > > remote desktop to my server and office computer.
    > >
    > > Just need some help/suggestions in finding out why it's not working.
    > > Thanks.
    > >
    > > my partial router configuration:
    > > ip inspect max-incomplete high 1100
    > > ip inspect one-minute high 1100
    > > ip inspect name CBAC tcp
    > > ip inspect name CBAC udp
    > > ip audit notify log
    > > ip audit po max-events 100
    > > !
    > > interface FastEthernet0/0
    > > description ---- connect to Internet ----
    > > ip address dhcp
    > > ip access-group CBAC in
    > > no ip proxy-arp
    > > ip nat outside
    > > ip inspect CBAC out
    > > duplex auto
    > > speed auto
    > > no cdp enable
    > > !
    > > ip access-list extended CBAC
    > > permit udp any eq bootps any eq bootpc
    > > permit gre any any
    > > permit icmp any any echo-reply
    > > permit icmp any any traceroute
    > > deny ip any any log
    > >
    brickwalls19, Oct 5, 2006
    #3
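
Added example (not part of any post in this thread): following the suggestion to check MTU and MSS, this Python code evaluates the posted inbound ACL `CBAC` with first-match semantics against constructed packets, including the ICMP "fragmentation needed" message (type 3, code 4) that path MTU discovery depends on. It models the static ACL only; the temporary return entries CBAC opens for inspected TCP/UDP sessions are not modelled, the packet dictionaries and function names are assumptions for illustration, and the thread does not establish that this is the cause of the failure.

```python
# Static inbound ACL exactly as posted in the thread.
ACL = """\
permit udp any eq bootps any eq bootpc
permit gre any any
permit icmp any any echo-reply
permit icmp any any traceroute
deny ip any any log
"""

# IOS ACL keywords used above -> numeric values (code None = any code).
ICMP_KEYWORDS = {"echo-reply": (0, None), "traceroute": (30, None)}
UDP_PORTS = {"bootps": 67, "bootpc": 68}

def parse_ace(line):
    """Parse one entry; handles only the 'any [eq port]' forms in the thread."""
    tok = [t for t in line.split() if t != "log"]
    ace = {"action": tok[0], "proto": tok[1], "sport": None,
           "dport": None, "icmp": None, "text": line.strip()}
    i = 2
    for side in ("sport", "dport"):
        if tok[i] != "any":
            raise ValueError("only 'any' addresses are modelled: " + line)
        i += 1
        if i < len(tok) and tok[i] == "eq":
            ace[side] = UDP_PORTS[tok[i + 1]]
            i += 2
    if i < len(tok):
        ace["icmp"] = ICMP_KEYWORDS[tok[i]]
    return ace

def matches(ace, pkt):
    if ace["proto"] not in ("ip", pkt["proto"]):
        return False
    for side in ("sport", "dport"):
        if ace[side] is not None and ace[side] != pkt.get(side):
            return False
    if ace["icmp"] is not None:
        icmp_type, icmp_code = ace["icmp"]
        if pkt.get("type") != icmp_type:
            return False
        if icmp_code is not None and pkt.get("code") != icmp_code:
            return False
    return True

def evaluate(acl_text, pkt):
    """Return (action, matching entry); first match wins, then implicit deny."""
    for line in acl_text.splitlines():
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace["action"], ace["text"]
    return "deny", "implicit deny"

# Constructed sample packets arriving on FastEthernet0/0 from the Internet.
DHCP_REPLY = {"proto": "udp", "sport": 67, "dport": 68}
GRE_TUNNEL = {"proto": "gre"}
ECHO_REPLY = {"proto": "icmp", "type": 0, "code": 0}
FRAG_NEEDED = {"proto": "icmp", "type": 3, "code": 4}  # PMTUD signal

if __name__ == "__main__":
    for name in ("DHCP_REPLY", "GRE_TUNNEL", "ECHO_REPLY", "FRAG_NEEDED"):
        print(name, "->", evaluate(ACL, globals()[name]))
```

In this model the fragmentation-needed message falls through to `deny ip any any log`, so the router's deny log is one place to look when checking the MTU along the VPN path.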
