Cisco VPN Client - Encryption and Microsoft RDP

[Rookcr]

This will be a long post. I had asked a similar question and was directed to this forum.

I have a Cisco Pix 515 Firewall. It has been configured with 3DES encryption pak for VPN. That is all installed. I am able to authenticate and log into my network from a remote site. (Home) Here is the problem. I would like to use RDP since I have limited access to PC anywhere licences. My home machine is XPPro and the rest of my group that would utilize this access run XPPro on their remote machines.

At the business the workstations are XPPro with RDP enabled and users set. Internally I can RDP to my machine. Externally through the Cisco VPN client I am unable to connect to my XPPro Workstation. I get an unable to connect to workstation, client not configured, or not any available connections. Yet at the same time internall I can connect to the machine.

Well here is where the post really becomes strange. Externally through my Cisco VPN client I can RDP to a windows 2003 server, and then from that server, RDP to my workstation. this makes no sense to me. I want to be able to go directly to my machine.

I have tested with PC anywhere and If I have PC Anywhere encryption on I am unable to connect to a workstation but if I turn off encryption I am then able to use PC anywhere to connect to my desktop. Anyone have any ideas. I am completly stumped. Any help would be appreciated.

Thanks

Rook

 

[ayars]

It sounds like possibly the vpn connection does not have any dns information. I have found that on cisco, if the dns server info in not in the dhcpd client config then the vpn connection will not have dns info. Go to the vpn connection in network connection and manually put in your dns info. You might try connecting to the workstation by putting in the ip address of the workstation in stead of the computer name.

 

[Rookcr]

ayars,

Thanks for the tip but no avail. I am unable to connect by IP address. When I authenticate on the network I am able to ping by workstation name and IP address. It is frustrating.

 

[AbyK]

I am having the exact same problem. Same behaviour externally and internally. I also able to connect to a 2003 server and then able to connect to an internal XP machine.

Rookcr have you been able to find a solution at all for this? Its seriously impeding my work and would greatly appreciate some solution to this.

Thanks in advance,
Abhinav

 

[Rookcr]

no solution as of yet. I am leaning on the possibility that it may be in the boarder router of my ISP. Not 100% but if I sit outside my firewall on a hub between the firewall and router I don't have an issue, when I move to the otherside of the internet router I have problems. I thought I had stumbled on something in the XPPro GPedit to turn off encryption but had no luck from outside the gateway router. I will keep all informed if I find something and I will continue to look to see if anyone else has any answers. By the way I have a Lucent Pipeline Internet router provided by our ISP.

Rook

 

[Rookcr]

may have found a solution. On my pix I add the global command:

connection tcpmss 1300

This command will tell the VPN client to use a max mtu size of 1300, rather then setting the MTU from the client software. I made connection so when I get home tonight I will test again. In addition other members of my group will try as well.

Rook