Whenever I try to rdp my laptop from an ipsec remote vpn client, my cable modem crashes.

This sounds weird, but I can reproduce the problem on demand with 100% accuracy. I use the Shrewsoft client to connect to an ipsec vpn on my Sophos UTM 9 vm while at work. Everything works great at that point. I can rdp various servers and access other services like my nas or the web admin of both the Sophos vm and my Observium vm, etc. However, as soon as I try to rdp my laptop, the Internet goes down and stays down until someone reboots the cable modem in the basement. The vm's that I mentioned accessing all run on the same esx server. Not that that should make a difference, just trying to share as much info as possible. Also, this happens when my laptop is wired or wireless.

 

What log(s) should I check on the Sophos? Does anyone have any suggestions on where to start looking?

 

Thanks!



  • This is what I see in the ipsec vpn log:

     

    2017:01:30-16:02:29 sophos pluto[1446]: ERROR: asynchronous network error report on eth0 for message to 129.97.243.30 port 500, complainant 174.115.201.228: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
    2017:01:30-16:02:56 sophos pluto[1446]: ERROR: asynchronous network error report on eth0 for message to 129.97.243.30 port 500, complainant 174.115.201.228: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
    2017:01:30-16:03:26 sophos pluto[1446]: ERROR: asynchronous network error report on eth0 for message to 129.97.243.30 port 500, complainant 174.115.201.228: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
    2017:01:30-16:03:56 sophos pluto[1446]: ERROR: asynchronous network error report on eth0 for message to 129.97.243.30 port 500, complainant 174.115.201.228: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
    2017:01:30-16:04:26 sophos pluto[1446]: "D_REF_IpsRoaIpsecRaVpn_0"[9] 129.97.243.30 #26: DPD: No response from peer - declaring peer dead
    2017:01:30-16:04:26 sophos pluto[1446]: "D_REF_IpsRoaIpsecRaVpn_0"[9] 129.97.243.30 #26: DPD: Terminating all SAs using this connection
    2017:01:30-16:04:26 sophos pluto[1446]: "D_REF_IpsRoaIpsecRaVpn_0"[9] 129.97.243.30 #26: deleting connection "D_REF_IpsRoaIpsecRaVpn_0"[9] instance with peer 129.97.243.30 {isakmp=#26/ipsec=#27}
    2017:01:30-16:04:26 sophos pluto[1446]: "D_REF_IpsRoaIpsecRaVpn_0" #27: deleting state (STATE_QUICK_R2)
    2017:01:30-16:04:26 sophos pluto[1446]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="arcadius" variant="ipsec" srcip="129.97.243.30" virtual_ip="10.242.4.1"
    2017:01:30-16:04:27 sophos pluto[1446]: "D_REF_IpsRoaIpsecRaVpn_0" #26: deleting state (STATE_MODE_CFG_R1)
    2017:01:30-16:04:27 sophos pluto[1446]: ERROR: asynchronous network error report on eth0 for message to 129.97.243.30 port 500, complainant 174.115.201.228: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
    2017:01:30-16:04:27 sophos pluto[1446]: ERROR: asynchronous network error report on eth0 for message to 129.97.243.30 port 500, complainant 174.115.201.228: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
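The log excerpt above is the kind of thing worth reading as a timeline rather than line by line: a burst of ICMP type 3 code 1 (host unreachable) reports about the IKE peer, then the DPD verdict, then the "Connection terminated" event. The following Python helper is an added example written for this edit, not code from the thread or from Sophos; it assumes only the pluto line formats visible in the post, and the embedded sample is a constructed, trimmed copy of those lines. It groups the error reports and the DPD event per peer and reports how long the UTM was getting unreachable errors before DPD gave up.

```python
"""Triage helper for Sophos UTM 9 IPsec (pluto) log excerpts.

Groups pluto's 'asynchronous network error report' lines (ICMP errors returned
for IKE packets sent to a peer) and the DPD 'declaring peer dead' verdict per
peer, so an ICMP burst can be read against the moment the tunnel was torn down.
Added example; line formats are taken from the log lines quoted in the thread.
"""
import re
from datetime import datetime

# Constructed sample: a trimmed copy of the lines quoted in the post.
SAMPLE_LOG = """\
2017:01:30-16:02:29 sophos pluto[1446]: ERROR: asynchronous network error report on eth0 for message to 129.97.243.30 port 500, complainant 174.115.201.228: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
2017:01:30-16:02:56 sophos pluto[1446]: ERROR: asynchronous network error report on eth0 for message to 129.97.243.30 port 500, complainant 174.115.201.228: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
2017:01:30-16:04:26 sophos pluto[1446]: "D_REF_IpsRoaIpsecRaVpn_0"[9] 129.97.243.30 #26: DPD: No response from peer - declaring peer dead
2017:01:30-16:04:26 sophos pluto[1446]: "D_REF_IpsRoaIpsecRaVpn_0"[9] 129.97.243.30 #26: DPD: Terminating all SAs using this connection
2017:01:30-16:04:26 sophos pluto[1446]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="arcadius" variant="ipsec" srcip="129.97.243.30" virtual_ip="10.242.4.1"
2017:01:30-16:04:27 sophos pluto[1446]: ERROR: asynchronous network error report on eth0 for message to 129.97.243.30 port 500, complainant 174.115.201.228: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
"""

TS_RE = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) ")
ICMP_RE = re.compile(
    r"asynchronous network error report on (?P<iface>\S+) for message to "
    r"(?P<peer>\S+) port (?P<port>\d+), complainant (?P<complainant>\S+): "
    r"(?P<reason>[^\[]+) \[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) code (?P<code>\d+)"
)
DPD_DEAD_RE = re.compile(
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: DPD: No response from peer - declaring peer dead'
)
TERM_RE = re.compile(
    r'event="Connection terminated" username="(?P<user>[^"]*)" variant="(?P<variant>[^"]*)" '
    r'srcip="(?P<peer>[^"]*)" virtual_ip="(?P<vip>[^"]*)"'
)


def parse_ts(line):
    """UTM timestamps look like 2017:01:30-16:02:29; return a datetime or None."""
    m = TS_RE.match(line)
    return datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S") if m else None


def new_peer():
    return {"icmp_errors": 0, "icmp_first": None, "icmp_last": None,
            "complainants": set(), "ifaces": set(), "reasons": set(),
            "dpd_dead_at": None, "connection": None,
            "terminated_users": [], "virtual_ips": []}


def analyze(text):
    """Return {peer_ip: summary dict} built from the three line types we know."""
    peers = {}
    for line in text.splitlines():
        ts = parse_ts(line)
        if ts is None:
            continue
        m = ICMP_RE.search(line)
        if m:
            p = peers.setdefault(m["peer"], new_peer())
            p["icmp_errors"] += 1
            p["icmp_first"] = p["icmp_first"] or ts
            p["icmp_last"] = ts
            p["complainants"].add(m["complainant"])  # host that sent the ICMP error
            p["ifaces"].add(m["iface"])
            p["reasons"].add("%s (ICMP type %s code %s)" % (m["reason"].strip(), m["type"], m["code"]))
            continue
        m = DPD_DEAD_RE.search(line)
        if m:
            p = peers.setdefault(m["peer"], new_peer())
            p["dpd_dead_at"] = ts
            p["connection"] = m["conn"]
            continue
        m = TERM_RE.search(line)
        if m:
            p = peers.setdefault(m["peer"], new_peer())
            p["terminated_users"].append(m["user"])
            p["virtual_ips"].append(m["vip"])
    return peers


def seconds_to_dpd(p):
    """Seconds from the first ICMP error report to the DPD verdict, or None."""
    if p["icmp_first"] is None or p["dpd_dead_at"] is None:
        return None
    return (p["dpd_dead_at"] - p["icmp_first"]).total_seconds()


def report(text):
    """One human-readable summary line per peer."""
    out = []
    for peer, p in sorted(analyze(text).items()):
        gap = seconds_to_dpd(p)
        out.append(
            "%s: %d ICMP error report(s) from %s on %s [%s]; DPD declared dead: %s%s; terminated users: %s"
            % (peer, p["icmp_errors"],
               ",".join(sorted(p["complainants"])) or "-",
               ",".join(sorted(p["ifaces"])) or "-",
               "; ".join(sorted(p["reasons"])) or "-",
               p["dpd_dead_at"].strftime("%H:%M:%S") if p["dpd_dead_at"] else "no",
               " (%.0f s after first ICMP error)" % gap if gap is not None else "",
               ",".join(p["terminated_users"]) or "-"))
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it against a copy of the IPsec VPN log (the UTM's /var/log/ipsec.log or the WebAdmin log view, which is what the post above was pasted from) and the summary tells you, per peer, who emitted the unreachable errors, on which interface, and how long the UTM kept retrying before DPD tore the SAs down. A sequence like the one in the thread, where the errors start well before the DPD timeout and continue after it, says the tunnel did not die because of an IKE or policy problem but because the path to the client disappeared, which is consistent with the cable modem going away and is the reason the IPsec log alone cannot explain the cause; the firewall log and the modem itself are the next places to look.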
  • This must have something to do with the way vmware handles traffic on the same vswitch with a physical adapter. My Sophos runs on a vm on an esx server that has 4 nics. One for mgmt, one for outside, one for inside and one for dmz. Each of those is a standard vswitch with a physical adapter. My laptop is on the same LAN as the adapter for the inside vswitch. Until I access my laptop would most vmware traffic just travel the back end "virtual fabric" for lack of a better description and not actually exit out the inside interface? Then when the traffic has to exit the actual inside adapter for the first time, it crashes...due to some sort of nat timeout or something maybe?

     

    Actually, not sure that makes sense, because I always run a ping -t to my core switch at home to get a sense of vpn performance. That traffic would definitely exit the esx server on to the inside adapter...

     

    Not sure what is going on here..

     

  • Anyone have any thoughts on this one? I'd love to figure this one out, as I'm very much liking this firewall, but if I can't, I may have to put an Untangle vm in place instead. I'd rather not do that, though. 

  • What is also interesting about this is that I can rdp the laptop fine if I first rdp into a virtual machine running on my esx server and then launch another rdp session to the laptop. But if I try to rdp the laptop directly, things blow up. 

     

    Though, it gets stranger. I did a bit more testing now while connected to vpn from work. I have several devices on my network at home that have a web gui: Sophos, Observium, a Qnap nas for example. I can ping the address of all those devices fine (they all have interfaces on my 192.168.0.0/24 network), but I can only load the web gui for the Sophos vm. All the others time out, despite being able to ping them.

    I'll continue to test and watch the firewall logs and the ipsec vpn logs.  If anyone else has any suggestions, I'm all ears :)

  • Well, I have changed tactics. I have decided to try the ssl client. This seems to work great so far. It's easy to set up and provides an easy to install client--identical to OpenVPN on platforms like Untangle. So far, I can access the web gui on all my appliances. I have yet to try a direct rdp to my laptop at home, as I don't want to risk tanking my connection mid day, but so far this is working better than the ipsec setup did.

     

    I also tried the Cisco VPN client. I imported my user cert into the client and it connected fine, but it would not pass any traffic. 

     

  • I can rdp my laptop at home fine. I will abandon the ipsec vpn and just use the ssl one. It was hassle free. 

     

    Got everything working the way I want it to now. My dmz server has the necessary ports forwarded. My internal subnet can talk to the dmz, but not vice versa. DMZ server has Internet access for software updates. VPN working problem free. All boxes checked for now.

     

    I wish I had tried this before I paid $50 for an annual Untangle sub. This is way better. I am loving this firewall!

     
