locked
Issue with RDP going through ISA 2004 via Cisco SSL VPN RRS feed

  • Question

  • Hi,

    I'm having a bit of an issue with input lag while connected to a client via VPN.  I'm running a ISA 2004 SP3 firewall.  We have users that have to connect to the client's network using a Cisco SSL VPN.  The connection establishes without issue and once the user is logged in, a web-based RPC to a client computer can be established.

    The problem that I'm having is that at times while connected to the RPC, the input freezes.  I can type or send commands to the computer for around 15 seconds, the display will then stop responding and freeze for a few seconds.  It will “lurch” forward to where you are in the input session and complete anything that you did while it was frozen.  It will also appear to 'freeze' if I allow the session to idle for 15-20 seconds.  There aren't any connectivity issues during these pauses.

    I've taken Wireshark captures of the remote sessions and have noticed that during the 'freezes', I receive many "TCP DUP ACK" reports. (I can provide the captures if necessary) 

    To further troubleshoot the issue, and the reason I'm posting this here, is because I've noticed an error that shows up in the firewall log during these sessions.  I'm getting a lot of "denied connection" events with the result code FWX_E_ABORTIVE_SHUTDOWN (0x80074e21).  From the looking that I've done at this specific code, it seems that this happens when no RPC connection is able to be made.  However, I'm able to connect to both the VPN and RPC.

    Any help or suggestions will be greatly appreciated.

    Thanks,

    Thursday, October 21, 2010 10:57 PM

Answers