RDP over IPSec fails

Discussion in 'Hardware' started by rsscp1, Mar 16, 2008.

  1. rsscp1


    Mar 16, 2008
    Likes Received:
    I have a weird problem and I can't seem to figure out what's going on.

    I have two customers. For one of them, I have configured an IPSec tunnel between an ISA Server and a Cisco 877. For the other one, I have configured an IPSec tunnel between two Cisco 877 routers.

    At customer one, I can start an RDP session from the Cisco site to the ISA site, but fails from the ISA site to the Cisco site.

    At customer two, RDP fails in both directions.

    I have done a capture of the traffic between the sites. What I noticed is that when I try to establish the RDP connection, the client computer sends a SYN, ACK, the server receives this packet and responds with an ACK, but the ACK never reaches the other side of the tunnel.

    I have searched the internet for clues, but most articles and forum posts I have found suggest MTU/packet size/fragmentation problems. The reason I don't think my problem has anything to do with those, is that the size of the beforementioned ACK packet is only about 64 bytes.

    I have tried to figure out what the Cisco router does with the packet, but I don't really know which debug commands to use. (I tried debug ip packet <# of acl> and debug crypto ipsec, but they don't provide useful information.) Can anyone recommend debug commands that may provide clues as to what might go wrong?

    If anyone has any ideas or suggestions, I'd be very happy to hear them.
    rsscp1, Mar 16, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.