Pix 7.2(1) Remote Desktop through dynamic VPN

I have a strange problem on a Pix 515 with pix 7.2(1) software (I use this version because I need the PPPoE function):

When I connect to the network from the outside with a VPN Client, everything looks OK, the client connects and I start a remote desktop connection to one of the servers.

After a little while (it varies from 30 seconds to 5 minutes) the screen freezes and if I ping the server there is no response. I can ping the rest of the network though. I have tried several servers with the same result.

Other applications, like the ASDM, are working fine throughout the process. I do not have this problem with other 515s with older software (although the network topologies differ).

Static VPN also works fine. Any ideas?

Reply to
bg

You need PPPoE, and yet you have outside hosts with VPN Client connecting? Are you in that uncommon situation of your ISP delivering you a static IP but still requiring PPPoE encapsulation? I know such things happen, but it appears to me that it is more common that when an xDSL customer goes for a public IP, that the ISP removes the PPPoE layer.

The point about the combination of static IP and VPN being, of course, that you cannot establish a VPN Client connection to a device that has a dynamic IP address (not unless you happen to know the -current- IP address right then, and not unless you somehow make provisions for reconnecting when the IP address changes.)

I would -speculate- that it is an issue with an "inspect". If you push the log level up, you might perhaps see a translation being removed that was being depended on.

Reply to
Walter Roberson

Yes I know the combination of PPPoE and dynamic VPN sounds strange, but it's just an ISP policy (we get the same IP every time).


Reply to
bg

Here is what the debug log shows:

Teardown TCP connection 606117 for outside:192.168.41.170/1570 to inside:192.168.41.4/3389 duration 0:00:30 bytes 0 SYN Timeout (user)

Explanation in the log: Force termination after two minutes awaiting three-way handshake completion.

But why can I connect remotely to the ASDM through all this? To me it's strange that the VPN connection is intact all the way but the RPC connection terminates.

Also it does not seem to happen with the Pix to Pix connections.....


Reply to
bg

On the surface, that appears to be the same subnet for source and destination. Is your ip pool for the dynamic VPN a subset of your inside IP address range? If so then it should not be.

How are you connecting to ASDM? Are you using a "management" VPN and http'ing to the inside interface, or are you using a regular VPN that includes the outside IP as one of the allowed source addresses, or are you connecting directly to the outside interface because you do -not- have the outside IP as part of a VPN after all?

Reply to
Walter Roberson

I have not done anything different than I've done with several other configs (not 7.2(1) though); the Pix has its own DHCP pool for the clients (192.168.41.170-179) and these connect to a terminal server (192.168.41.4).

I connect to the ASDM (with the java software) from the very same VPN client, and when I lose connection to the terminal server (or any other server I connect to with remote desktop connection), I can still access the ASDM.

What is really strange is that when the RDC disconnects, I cannot ping the server for a while. But I can ping the rest of the network. After a while I get ping replies and can connect again for a minute or two.

Everything works fine when I use static (Pix to Pix).

BG

Reply to
bg
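
The check Walter Roberson raises, run against the teardown line bg posted, as an added example that is not part of the original thread: it parses the log line and tests whether the VPN client address and pool fall inside the inside subnet. The /24 mask, the function names and the 10.99.0.x comparison line are assumptions constructed for the example.

```python
import ipaddress
import re

# Layout of the "Teardown TCP connection" line quoted in the thread.
TEARDOWN_RE = re.compile(
    r"Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"duration (?P<duration>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$"
)
INSIDE_NET = ipaddress.ip_network("192.168.41.0/24")  # assumption: /24 mask, not stated in the thread

THREAD_LINE = ("Teardown TCP connection 606117 for outside:192.168.41.170/1570 "
               "to inside:192.168.41.4/3389 duration 0:00:30 bytes 0 SYN Timeout (user)")
# Constructed comparison line: hypothetical client from a non-overlapping pool.
CONSTRUCTED_LINE = ("Teardown TCP connection 606200 for outside:10.99.0.10/1571 "
                    "to inside:192.168.41.4/3389 duration 0:04:12 bytes 48213 TCP FINs")

def parse_teardown(line):
    """Return the fields of a teardown line as a dict, or None if it does not match."""
    m = TEARDOWN_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("conn", "src_port", "dst_port", "bytes"):
        rec[key] = int(rec[key])
    return rec

def findings(rec, inside_net=INSIDE_NET):
    """Flag a handshake that never completed and a peer addressed from the inside subnet."""
    out = []
    if (rec["reason"] or "").startswith("SYN Timeout") and rec["bytes"] == 0:
        out.append("handshake-never-completed")
    src = ipaddress.ip_address(rec["src_ip"])
    dst = ipaddress.ip_address(rec["dst_ip"])
    if rec["src_if"] != rec["dst_if"] and src in inside_net and dst in inside_net:
        out.append("peer-address-inside-local-subnet")
    return out

def pool_overlaps(first, last, inside_net=INSIDE_NET):
    """True if any part of the VPN pool range first..last lies inside inside_net."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return any(block.overlaps(inside_net) for block in blocks)

if __name__ == "__main__":
    for line in (THREAD_LINE, CONSTRUCTED_LINE):
        print(findings(parse_teardown(line)))
    print(pool_overlaps("192.168.41.170", "192.168.41.179"))
```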
