
Terminal Server with VPN Using Netscreen Remote and Linksys

Status
Not open for further replies.

nobeta

MIS
Jul 8, 2002
52
US
I am connecting to a Netscreen 25 using Netscreen Remote 8.0 configured for IPSec with a pre-shared key, from a Windows 2000 client. The VPN is via a Verizon DSL line, using PPPoE. This connection works fine and I can browse the remote network and connect to our Windows 2000 Terminal Server. The problem occurs when we add a Linksys BEFSR41 router on the client side. At this point we can establish the VPN and ping the remote network (including the Terminal Server); however, we can no longer connect to the Terminal Server. It appears to be a Linksys issue as it works without the Linksys. A PPTP connection will work through the Linksys to the Terminal Server; however, this is not an option. I have tried various port forwarding and port triggering settings in the Linksys box, including forwarding the ports for Netscreen Remote and Terminal Server, but this has had no effect. I have also tried removing the check for IPSec passthrough, and I upgraded the firmware to version 1.44.2, Dec 13 2002, which is the current version. Any other suggestions would be greatly appreciated. I have read in this forum that the Netgear is a better box for IPSec. Has anyone tried this with Terminal Server?
 
Just thought I'd post this. I was able to resolve this issue after determining that the Linksys is what Microsoft refers to as a "Black Hole Router". The fix was to add the DWORD EnablePMTUBHDetect in the SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry key. Refer to Microsoft Knowledge Base Article 159211.
 
Try setting the MTU to 1400 on your Win2K box that's behind the Linksys. Also, you may need to allow port 500 UDP incoming on the Linksys for IKE.
On your Netscreen you may want to add this line via the CLI:
set flow tcp-mss

It'll stop fragmentation, which tends to kill Terminal Services.
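To show why the pings in this thread get through while the Terminal Server session dies, and what the EnablePMTUBHDetect fix and the MTU 1400 / tcp-mss advice each change, here is a small Python model of Path MTU discovery against a black-hole router. It is an added illustration, not code from the thread or from Microsoft; the two-hop path, the 1400-byte tunnel MTU, the three-retransmit budget and the 536-byte fallback MSS are assumptions made for the example.

```python
from dataclasses import dataclass

IP_TCP_HDR = 40  # IPv4 + TCP headers without options (simplification)

@dataclass
class Hop:
    mtu: int
    black_hole: bool = False  # drops oversize DF packets silently, sends no ICMP

def forward(path, size, df):
    """Push one packet of `size` bytes along `path`.
    Returns ('ok', None), ('icmp', hop_mtu) or ('drop', None)."""
    for hop in path:
        if size <= hop.mtu:
            continue
        if not df:
            return ('ok', None)        # router fragments; the fragments arrive
        if hop.black_hole:
            return ('drop', None)      # silently discarded: sender learns nothing
        return ('icmp', hop.mtu)       # ICMP Fragmentation Needed (RFC 1191)
    return ('ok', None)

def send_segment(path, mss, bh_detect, max_retx=3):
    """One full-size TCP segment sent with DF set, as a PMTUD host would.
    Returns (delivered, final_mss, attempts)."""
    attempts, mss_cur = 0, mss
    while True:
        attempts += 1
        status, mtu = forward(path, mss_cur + IP_TCP_HDR, df=True)
        if status == 'ok':
            return (True, mss_cur, attempts)
        if status == 'icmp':
            mss_cur = mtu - IP_TCP_HDR     # classic PMTUD: shrink and resend
            continue
        if attempts < max_retx:
            continue                       # retransmit the same size, DF still set
        if not bh_detect:
            return (False, mss_cur, attempts)   # session hangs: what the OP saw
        # EnablePMTUBHDetect=1: after repeated unacknowledged retransmits, resend
        # with DF clear so routers may fragment, and fall back to a 536-byte MSS
        # (assumed fallback value for this model).
        status, _ = forward(path, mss_cur + IP_TCP_HDR, df=False)
        return (status == 'ok', 536, attempts + 1)

# Constructed path: client LAN at 1500, then the Linksys/PPPoE/IPsec hop with an
# assumed effective MTU of 1400 that drops oversize DF packets without any ICMP.
BLACK_HOLE_PATH = [Hop(1500), Hop(1400, black_hole=True)]
```

A 60-byte ping passes the same path untouched, a 1460-byte MSS segment is dropped three times and never recovers without black-hole detection, and capping the client MTU at 1400 (MSS 1360), which is what the tcp-mss clamp achieves from the Netscreen side, succeeds on the first attempt.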
 