Remote access to office

Discussion in 'NZ Computing' started by GJ, Feb 19, 2006.

  1. GJ

    GJ Guest

    We have moved offices and can no longer get remote access working
    correctly. The ISP is still Telstra but the ISP connection has changed
    from Cable to DSL. We have a static IP. The DSL modem is a Dynalink
    RA230 and we use RADMIN www.radmin.com software. This has worked well
    for over 1 year without issue.

    We are connecting to the Remote PC, running RADMIN server, the client
    connection will come up and say "Loading Initial Screen" but the client
    screen never loads. The log on the RADMIN server at the office shows the
    connection being made and then closing 1 minute after connecting . The
    client is still showing "Loading Initial Screen" at least 5 minutes
    after the server closing the connection.

    I am wondering if there is a NAT issue. I ask this as I have no friggen
    idea how NAT works. but know it means Network Address Translation.

    The current setup is we have the Dynalink RA230 DSL modem port
    forwarding to the Smoothwall firewall that port forwards to a specific
    PC for remote connection. Previously the Cable Modem had no firewall,
    etc services.

    In the old office the connection went straight through the Cable Modem.

    Anyone have any ideas of what to do or where to look?

    GJ
     
    GJ, Feb 19, 2006
    #1
    1. Advertising

  2. On Sun, 19 Feb 2006 13:52:04 +1300, GJ wrote:

    > Anyone have any ideas of what to do or where to look?


    Your firewall? Your Router?


    A Nice Cup of Tea

    --
    A: because it messes up threading
    Q: why should I not reply by top-posting?
    A: No.
    Q: Should I include quotations after my reply?
     
    A Nice Cup of Tea, Feb 19, 2006
    #2
    1. Advertising

  3. GJ

    Enkidu Guest

    GJ wrote:
    >
    > We have moved offices and can no longer get remote access working
    > correctly. The ISP is still Telstra but the ISP connection has changed
    > from Cable to DSL. We have a static IP. The DSL modem is a Dynalink
    > RA230 and we use RADMIN www.radmin.com software. This has worked well
    > for over 1 year without issue.
    >

    rAdmin is a dog! I only use it because I have to! But that doesn't help
    you, does it? You'd know that already.
    >
    > We are connecting to the Remote PC, running RADMIN server, the client
    > connection will come up and say "Loading Initial Screen" but the client
    > screen never loads. The log on the RADMIN server at the office shows the
    > connection being made and then closing 1 minute after connecting . The
    > client is still showing "Loading Initial Screen" at least 5 minutes
    > after the server closing the connection.
    >
    > I am wondering if there is a NAT issue. I ask this as I have no friggen
    > idea how NAT works. but know it means Network Address Translation.
    >
    > The current setup is we have the Dynalink RA230 DSL modem port
    > forwarding to the Smoothwall firewall that port forwards to a specific
    > PC for remote connection. Previously the Cable Modem had no firewall,
    > etc services.
    >
    > In the old office the connection went straight through the Cable Modem.
    >
    > Anyone have any ideas of what to do or where to look?
    >

    What you have is similar to what I have, except that I don't use rAdmin
    into my network!

    I'm surprised that the client gets "Loading Initial Screen" because that
    means that it has connected the server!

    Are you sure that the routing is correct? The server should have a
    specific route to the Internet via the firewall and the firewall should
    have a route to the Internet via the Dynalink. But it all sounds fine.

    The next thing that I would do is capture the traffic (probably at the
    firewall) and see what it happening.

    Cheers,

    Cliff
     
    Enkidu, Feb 19, 2006
    #3
  4. GJ

    Tony Guest

    The problem will most likely be related to MTU. The dsl link will have
    an MTU of less that 1500 and most likely your router will have poor
    firewalling and be dropping all ICMP as most people seem to think ICMP
    is "ICMP echo request" (ping). There are two solutions -

    1. Fix your routers Fire walling so it does not drop ICMP (which allows
    ICMP path discovery, thus reducing the clients MTU)
    2. Reduce the MTU of your VPN server to 1460 or so.


    GJ wrote:
    > We have moved offices and can no longer get remote access working
    > correctly. The ISP is still Telstra but the ISP connection has changed
    > from Cable to DSL. We have a static IP. The DSL modem is a Dynalink
    > RA230 and we use RADMIN www.radmin.com software. This has worked well
    > for over 1 year without issue.
    >
    > We are connecting to the Remote PC, running RADMIN server, the client
    > connection will come up and say "Loading Initial Screen" but the client
    > screen never loads. The log on the RADMIN server at the office shows the
    > connection being made and then closing 1 minute after connecting . The
    > client is still showing "Loading Initial Screen" at least 5 minutes
    > after the server closing the connection.
    >
    > I am wondering if there is a NAT issue. I ask this as I have no friggen
    > idea how NAT works. but know it means Network Address Translation.
    >
    > The current setup is we have the Dynalink RA230 DSL modem port
    > forwarding to the Smoothwall firewall that port forwards to a specific
    > PC for remote connection. Previously the Cable Modem had no firewall,
    > etc services.
    >
    > In the old office the connection went straight through the Cable Modem.
    >
    > Anyone have any ideas of what to do or where to look?
    >
    > GJ
     
    Tony, Feb 19, 2006
    #4
  5. GJ

    ~misfit~ Guest

    MTU Settings? Was: Re: Remote access to office

    Tony wrote:
    > The problem will most likely be related to MTU. The dsl link will have
    > an MTU of less that 1500 and most likely your router will have poor
    > firewalling and be dropping all ICMP as most people seem to think ICMP
    > is "ICMP echo request" (ping). There are two solutions -
    >
    > 1. Fix your routers Fire walling so it does not drop ICMP (which
    > allows ICMP path discovery, thus reducing the clients MTU)
    > 2. Reduce the MTU of your VPN server to 1460 or so.


    Hey Tony, hope you don't mind, I just want to hi-jack a branch of this
    thread.

    I was recently advised by my ISP to try setting my MTU/MSS/MRU in my router
    (My router calls it MRU) from the usual default of 1500 to 1492 to see if
    that improves my download speed, especially internationally. I did this (by
    backing up the ini file, editing it, then re-loading it) but didn't see any
    difference.

    Would dropping it to 1460 likely make any difference? Or should I just leave
    it at 1492?

    Thanks.
    --
    ~misfit~
     
    ~misfit~, Feb 19, 2006
    #5
  6. GJ

    Tony Guest

    Re: MTU Settings? Was: Re: Remote access to office


    > Hey Tony, hope you don't mind, I just want to hi-jack a branch of this
    > thread.
    >
    > I was recently advised by my ISP to try setting my MTU/MSS/MRU in my router
    > (My router calls it MRU) from the usual default of 1500 to 1492 to see if
    > that improves my download speed, especially internationally. I did this (by
    > backing up the ini file, editing it, then re-loading it) but didn't see any
    > difference.
    >
    > Would dropping it to 1460 likely make any difference? Or should I just leave
    > it at 1492?


    Interesting, the question is what has your ISP got set as the PPP MTU on
    their LNS (the device that terminates the L2TP tunnel assuming you are
    on a UBS connection). Personally I prefer to have the LNS set to
    fragment packets so it can maintain the 1500 MTU of ethernet, so that
    users don't have broken access to brain dead websites that firewall all
    ICMP. (the net effect is that the user gets pages that won't fully load,
    much like the VPN connection won't complete as packets are dropped, but
    there is an overhead in doing this).
    It's difficult to say if there would be any benefit adjusting the MTU on
    your end, you may find it breaks other things.
     
    Tony, Feb 19, 2006
    #6
  7. GJ

    ~misfit~ Guest

    Re: MTU Settings? Was: Re: Remote access to office

    Tony wrote:
    >> Hey Tony, hope you don't mind, I just want to hi-jack a branch of
    >> this thread.
    >>
    >> I was recently advised by my ISP to try setting my MTU/MSS/MRU in my
    >> router (My router calls it MRU) from the usual default of 1500 to
    >> 1492 to see if that improves my download speed, especially
    >> internationally. I did this (by backing up the ini file, editing it,
    >> then re-loading it) but didn't see any difference.
    >>
    >> Would dropping it to 1460 likely make any difference? Or should I
    >> just leave it at 1492?

    >
    > Interesting, the question is what has your ISP got set as the PPP MTU
    > on their LNS (the device that terminates the L2TP tunnel assuming you
    > are on a UBS connection). Personally I prefer to have the LNS set to
    > fragment packets so it can maintain the 1500 MTU of ethernet, so that
    > users don't have broken access to brain dead websites that firewall
    > all ICMP. (the net effect is that the user gets pages that won't
    > fully load, much like the VPN connection won't complete as packets
    > are dropped, but there is an overhead in doing this).
    > It's difficult to say if there would be any benefit adjusting the MTU
    > on your end, you may find it breaks other things.


    Ok, thanks for that.
    --
    ~Shaun~
     
    ~misfit~, Feb 20, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter Sale
    Replies:
    1
    Views:
    12,098
    Robin Walker
    Dec 11, 2004
  2. =?Utf-8?B?Um9uSm9u?=

    Remote access to my office computer from my home computer.

    =?Utf-8?B?Um9uSm9u?=, Jun 28, 2006, in forum: Microsoft Certification
    Replies:
    3
    Views:
    14,672
    hillary
    May 14, 2008
  3. Replies:
    6
    Views:
    491
  4. brickwalls19
    Replies:
    2
    Views:
    1,013
    brickwalls19
    Oct 5, 2006
  5. test_user
    Replies:
    1
    Views:
    435
    test_user
    Apr 28, 2008
Loading...

Share This Page