Beginner

CDA not working with Remote Desktop (Terminal Services)

Hello everyone, I'm hoping someone can answer this question for me - Does CDA 1.0.0.011 Patch 6 support Remote Desktop Session Hosts (Terminal Servers)? I'm asking because I'm experiencing the following issue - When one user logs into a terminal server and matches an extended ACL permitting their user account access to a specific resource and someone else logs into the same terminal server, both users are able to access the resource that only the second user has access to. It's like CDA treats terminal server users on a last login wins basis (and all other users inherit the ACL action of the last logged in user). If this is the case, does the Firepower User Agent for Active Directory correct this (we also have Firepower running on our environment)? Thanks!
Steve
3 REPLIES
Cisco Employee

Re: CDA not working with Remote Desktop (Terminal Services)

This looks expected because all sessions on the same host share the same IP address by default. You might consider Remote Desktop IP Virtualization.

Or, you may check out the Firepower Terminal Server Agent.

Beginner

Re: CDA not working with Remote Desktop (Terminal Services)

Hello hslai, Thank you for the reply! I've set up Remote Desktop IP Virtualization (and it's working - users are receiving unique IP addresses from DHCP) BUT the Kerberos security logs in AD are still showing that all users are coming from a single IP address (the terminal server) and the Cisco CDA is showing this as well. In other words, the CDA is still behaving as it did before IP Virtualization was enabled. There's another issue I've noticed as well - how can I bind a DHCP IP address to a specific user to be able to create an access list on the ASA for that specific user? Thank you, Steve
Steve
Cisco Employee

Re: CDA not working with Remote Desktop (Terminal Services)

Many thanks for trying it out. CDA is based on Kerberos security events, so your results show it is not compatible.

Next, please try Firepower Terminal Server Agent. I moved your post to FirePOWER, where the team will be able to assist you better.
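
The behaviour discussed in this thread, as an added example (not from the original posts and not Cisco code): a simplified model of an IP-keyed user table built from logon events, plus a check that flags source IPs carrying more than one user within a time window, which are the hosts where IP-based identity rules cannot tell users apart. The event tuples, addresses, user names and the 8-hour window are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (epoch seconds, user, source IP recorded in the logon event).
# 10.0.0.50 stands for a terminal server; 10.0.0.21 for a desktop whose
# address is reused by a different user ten hours later.
EVENTS = [
    (1000, "alice", "10.0.0.50"),
    (1060, "carol", "10.0.0.21"),
    (1120, "bob", "10.0.0.50"),
    (37060, "dave", "10.0.0.21"),
]


def last_login_wins(events):
    """Model an IP-keyed identity table: each new logon overwrites the entry."""
    table = {}
    for _, user, ip in sorted(events):
        table[ip] = user
    return table


def shared_ips(events, window=8 * 3600):
    """Return {ip: sorted users} for IPs seen with 2+ distinct users
    inside a sliding window of `window` seconds."""
    by_ip = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, logons in by_ip.items():
        start = 0
        active = defaultdict(int)  # user -> logons currently inside the window
        for ts, user in logons:
            active[user] += 1
            # Drop logons that have aged out of the window.
            while logons[start][0] < ts - window:
                old = logons[start][1]
                active[old] -= 1
                if active[old] == 0:
                    del active[old]
                start += 1
            if len(active) > 1:
                flagged.setdefault(ip, set()).update(active)
    return {ip: sorted(users) for ip, users in flagged.items()}


if __name__ == "__main__":
    print("IP-keyed table:", last_login_wins(EVENTS))
    for ip, users in shared_ips(EVENTS).items():
        print(f"{ip}: shared by {users}; per-user rules keyed on this IP are ambiguous")
```
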
