Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 5 subscribers
  • Views 11473 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RDP does not work over SSL VPN

J.Janssens

I read through several similar threads but none seemed to be the same.

 

Several of my customers have a UTM and use the VPN, but at one customer RDP doesn't work over VPN.

 

In summary:

1) RDP on the LAN works

2) SMB on the LAN works

3) Other services over LAN work (e.g. VoIP)

4) SMB on the VPN works

5) RDP on the VPN does not work: times out

6) Other services over VPN work (e.g. VoIP)

 

I can't find anything in the Firewall, Application Control or even IPS log, which is driving me insane - I don't even know where to look anymore now. 



This thread was automatically locked due to age.
Parents
  • 0

    Hi All,

    In such events, always look at the tcpdump captures to understand the packet communication between the two endpoints. In this example, the UTM was forwarding the SYN request from the VPN connected client but the Server didn't respond with an ACK packet.

    11:25:19.168707  In ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    11:25:19.168932 Out 00:1a:8c:58:30:d1 ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    11:25:22.087104  In ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    11:25:22.087215 Out 00:1a:8c:58:30:d1 ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    11:25:28.323570  In ethertype IPv4 (0x0800), length 64: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,nop,sackOK], length 0

    11:25:28.323678 Out 00:1a:8c:58:30:d1 ethertype IPv4 (0x0800), length 64: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,nop,sackOK], length 0

    Hope that helps someone.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • 0

    Hi All,

    In such events, always look at the tcpdump captures to understand the packet communication between the two endpoints. In this example, the UTM was forwarding the SYN request from the VPN connected client but the Server didn't respond with an ACK packet.

    11:25:19.168707  In ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    11:25:19.168932 Out 00:1a:8c:58:30:d1 ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    11:25:22.087104  In ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    11:25:22.087215 Out 00:1a:8c:58:30:d1 ethertype IPv4 (0x0800), length 68: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0

    11:25:28.323570  In ethertype IPv4 (0x0800), length 64: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,nop,sackOK], length 0

    11:25:28.323678 Out 00:1a:8c:58:30:d1 ethertype IPv4 (0x0800), length 64: 10.242.2.3.49868 > 172.29.9.1.3389: Flags  , seq 3435107371, win 8192, options [mss 1350,nop,nop,sackOK], length 0

    Hope that helps someone.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML