From: Kulcsár
Date: Tue Nov 29 2005 - 07:29:14 GMT-3
Hi Venkatesh,
I think it can be a fragmentation issue or a software bug.
Check if icmp unreachables are sent from the router to the client. Try pinging with large packets and DF bit set.
It can also happen that path mtu discovery is not working correctly between the IPSec devices if a firewall filters icmp unreachables.
Here is a good document about fragmentation:
http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
Regards,
Benjamin
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Venkatesh Palani
Sent: Tuesday, November 29, 2005 10:44 AM
To: Ccie Lab (E-mail)
Subject: IPSEC and thin client
HI Guys,
This is not a lab scenario but a real one which is been bitting me hard for last few hours. The setup is I have an IPSEC tunnel between a cisco router and a VPN concetrator via internet( the internet is provided via ADSL connection and the cisco device terminates the IPSEC tunnel ). The issue is I have few thin clinet on the otheside of the cisco device which needs to run RDP to access few servers on the other side of the VPN concentrator. The IPSEC tunnel works fine I cld ping the server etc....but only the RDP wont work on the thin client. It was working fine until we had this new IPSEC tunnel, you might think it is to do with thin client but we have 5 thin client and none of them cld acess, it gets more twister here ...the RDP works from a laptop from the same subnet the thin clinets are, they are all connected via single switch...also the RDP between the laptop adn the thin clinet work, no clue what cld be wrong any thoughts or suggestions will be appreciated.
Thank you,
Venkatesh
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:08 GMT-3