Remote access to office

Discussion in 'NZ Computing' started by GJ, Feb 19, 2006.

  1. GJ

    GJ Guest

    We have moved offices and can no longer get remote access working
    correctly. The ISP is still Telstra but the ISP connection has changed
    from Cable to DSL. We have a static IP. The DSL modem is a Dynalink
    RA230 and we use RADMIN software. This has worked well
    for over 1 year without issue.

    We are connecting to the Remote PC, running RADMIN server, the client
    connection will come up and say "Loading Initial Screen" but the client
    screen never loads. The log on the RADMIN server at the office shows the
    connection being made and then closing 1 minute after connecting . The
    client is still showing "Loading Initial Screen" at least 5 minutes
    after the server closing the connection.

    I am wondering if there is a NAT issue. I ask this as I have no friggen
    idea how NAT works. but know it means Network Address Translation.

    The current setup is we have the Dynalink RA230 DSL modem port
    forwarding to the Smoothwall firewall that port forwards to a specific
    PC for remote connection. Previously the Cable Modem had no firewall,
    etc services.

    In the old office the connection went straight through the Cable Modem.

    Anyone have any ideas of what to do or where to look?

    GJ, Feb 19, 2006
    1. Advertisements

  2. Your firewall? Your Router?

    A Nice Cup of Tea
    A Nice Cup of Tea, Feb 19, 2006
    1. Advertisements

  3. GJ

    Enkidu Guest

    rAdmin is a dog! I only use it because I have to! But that doesn't help
    you, does it? You'd know that already.
    What you have is similar to what I have, except that I don't use rAdmin
    into my network!

    I'm surprised that the client gets "Loading Initial Screen" because that
    means that it has connected the server!

    Are you sure that the routing is correct? The server should have a
    specific route to the Internet via the firewall and the firewall should
    have a route to the Internet via the Dynalink. But it all sounds fine.

    The next thing that I would do is capture the traffic (probably at the
    firewall) and see what it happening.


    Enkidu, Feb 19, 2006
  4. GJ

    Tony Guest

    The problem will most likely be related to MTU. The dsl link will have
    an MTU of less that 1500 and most likely your router will have poor
    firewalling and be dropping all ICMP as most people seem to think ICMP
    is "ICMP echo request" (ping). There are two solutions -

    1. Fix your routers Fire walling so it does not drop ICMP (which allows
    ICMP path discovery, thus reducing the clients MTU)
    2. Reduce the MTU of your VPN server to 1460 or so.
    Tony, Feb 19, 2006
  5. GJ

    ~misfit~ Guest

    Hey Tony, hope you don't mind, I just want to hi-jack a branch of this

    I was recently advised by my ISP to try setting my MTU/MSS/MRU in my router
    (My router calls it MRU) from the usual default of 1500 to 1492 to see if
    that improves my download speed, especially internationally. I did this (by
    backing up the ini file, editing it, then re-loading it) but didn't see any

    Would dropping it to 1460 likely make any difference? Or should I just leave
    it at 1492?

    ~misfit~, Feb 19, 2006
  6. GJ

    Tony Guest

    Interesting, the question is what has your ISP got set as the PPP MTU on
    their LNS (the device that terminates the L2TP tunnel assuming you are
    on a UBS connection). Personally I prefer to have the LNS set to
    fragment packets so it can maintain the 1500 MTU of ethernet, so that
    users don't have broken access to brain dead websites that firewall all
    ICMP. (the net effect is that the user gets pages that won't fully load,
    much like the VPN connection won't complete as packets are dropped, but
    there is an overhead in doing this).
    It's difficult to say if there would be any benefit adjusting the MTU on
    your end, you may find it breaks other things.
    Tony, Feb 19, 2006
  7. GJ

    ~misfit~ Guest

    Ok, thanks for that.
    ~misfit~, Feb 20, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.