Assistance in troubleshooting CBAC for remote desktop access to office network

Discussion in 'Cisco' started by brickwalls19, Oct 4, 2006.

  1. brickwalls19

    brickwalls19 Guest

    My home router is a Cisco 2600 running 12.2(34) firewall feature set.
    Accessing the internet with the running CBAC works. I can successfully
    VPN to my company network. My issue is when trying to remote desktop to
    a server and my office computer.

    - I know that I successfully established a TCP handshake with the
    server because I did a traffic capture and saw the SYN/SYN-ACK/ACK. The
    furthest I get is seeing the blue desktop screen on my Remote Desktop
    window and then the "network error" message. I don't even get to see
    the Windows Logon screen.
    - My ZoneAlarm log shows that it allowed the 3389 connection to the
    server. I even shutdown ZoneAlarm and tried again. No change.
    - I figure it's something to do with my home router config because I
    plugged my laptop directly to my cable modem and I'm able to VPN and
    remote desktop to my server and office computer.

    Just need some help/suggestions in finding out why it's not working.
    Thanks.

    my partial router configuration:
    ip inspect max-incomplete high 1100
    ip inspect one-minute high 1100
    ip inspect name CBAC tcp
    ip inspect name CBAC udp
    ip audit notify log
    ip audit po max-events 100
    !
    interface FastEthernet0/0
    description ---- connect to Internet ----
    ip address dhcp
    ip access-group CBAC in
    no ip proxy-arp
    ip nat outside
    ip inspect CBAC out
    duplex auto
    speed auto
    no cdp enable
    !
    ip access-list extended CBAC
    permit udp any eq bootps any eq bootpc
    permit gre any any
    permit icmp any any echo-reply
    permit icmp any any traceroute
    deny ip any any log
     
    brickwalls19, Oct 4, 2006
    #1
    1. Advertisements

  2. the RDP server is connected at the remote end of vpn ?

    Check the MTU and MSS size
     
    www.ipnetworks.it, Oct 4, 2006
    #2
    1. Advertisements

  3. brickwalls19

    brickwalls19 Guest

    Check the MTU and MSS on which end of the link? My laptop, my router,
    the server, or all? Am I looking for the values to be the same? I'll
    check and respond back with the values.
     
    brickwalls19, Oct 5, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.