cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


443
Views
0
Helpful
1
Replies
Highlighted

ASA plugin

Hello,

Somebody has experience with HOBLink JWT as rdp plugin in ASA clientless VPN?. If someone has it in a production environment it could summarize what is the process of installation?

The official rdp is very old and works very badly without ActiveX.(not full screen, geometry only with bookmarks, etc)

Regards.

Everyone's tags (5)
1 REPLY 1
Enthusiast

Re: ASA plugin

This topic is fairly old, but I wanted to respond anyway.

HOBLink JWT rdp plugin for the Cisco ASA works on-top of the Clientless vpn solution from Cisco ASA. HOBLink JWT version 4.1 has just released and offers many new features such as multi-monitor support, Java Web Start capability to deal with the Java plugin in the web browser being deprecated, as well remote fx for video redirection. HOBLink JWT offers many other feature, including mapping printers from the Host side, the Client side, and the network side. Drive mapping between host and client machines, clip-board support, Network Level Authentication support, certificate authentication, smart card authentication, wake-on-lan, automatic application startup, load-balancing integration, server lists, bandwidth reduction settings, and RAIL support. Session will reconnect during a period of brief disconnects and most keyboard languages are also supported. It is also possible to turn off all features to make the RDP connection a simple read-only console.

In a production environment we are noticing a few issues with the Cisco ASA. In the Cisco environment we are having an issue creating the JNLP files within the Application to go though the Cisco ASA. Cisco has not been very helpful in resolving this issue. Cisco has proposed that we could use smart-tunnels for this type of connection, but we do not want to do this for many reasons.

The HOBLink JWT 4.1 plugin can still be used on the Cisco ASA. It does require a quite complicated work around method to be able to use to install the plugin in the ASA. Or as an alternative HOBLink JWT can be installed on a Web Server behind the Cisco ASA. Admins can then configure bookmark links in the Cisco ASA to point to that HOBLink JWT configuration on the web server to start the remote connection.

The last thing I wanted to inform you about is a solution that comes built into HOBLink JWT 4.1 which is a feature called HOBLaunch. HOBLaunch, essentially delivers to the user a remote access experience exactly like they had using the Java Plugin of HOBLink JWT. Since the Java Plugin is now removed in most web browsers, we face a few challenges.

Let me explain these challenges, and then I will explain the solution.

The challenges are we face with Java Web Start technology is that users will need to download a JNLP file which they then need to execute in order to start the remote session. This experience differs between browser and can become a nightmare with tech support. In addition, since these JNLP files are created on-the-fly, there is no way of signing these dynamically created files, Java does not offer a way to do this. Therefor on Mac Operating systems Apple Gatekeeper will keep users from easily running these JNLP files. For these challenges we have created HOBLaunch and integrated this into HOBLink JWT.

So how does HOBLaunch solve these problems? HOBLaunch needs to be installed on the users system, just one time. HOBLaunch does not require administrative rights to be installed and the installation method is very simple. We have even included custom instructions by detecting the user agent of the web browser type and OS to deliver custom instructions based on this detection to make the installation process as simple as possible for the user. The user receives an exe (windows) or dmg (mac) and simply runs the installer. The user can then start their session and enable HOBLaunch. When the user enables HOBLaunch on the bookmark link they click on the from Cisco ASA, the HOBLink JWT application will then automatically start using HOBLaunch. Administrators can customize the underlying HTML page of the bookmark link to deliver a customized experience by customizing just a few variables in the web page. After a users enables HOBLaunch in the bookmark webpage, every time a user re-opens the bookmark link, HOBLaunch will automatically start. This gives users the experience as they had it with the Java Plugin version of HOBLink JWT.

HOBLaunch works in the following manner. Instead of requiring the users to save and download a JNLP files. HOBLaunch automatically receives this JNLP file and executes it. It then immediately discards the JNLP and prevents the user from accessing it. HOBLaunch then starts the application for the user.

The basic functionality of older HOBLink JWT version and the new HOBLink JWT 4.1 is exactly the same. We still offer the Java Plugin version. However since browsers removed the Java plugin, we needed to adapt our solution to this new environment.

A demo version of the web server is always available for free from the HOB Website. For the plugin version it would be best to contact an HOB representative of the HOB support.