ASA and remote access

Dave Kozlowski · ‎02-09-2015

Want to setup a ASA 5520 for remote access.

If I want to test all services do I have to list each one, or is there a service that will reflect all services

Or

What service would I use for RDP from the wan to the lan?

Thanks

Dave

Marvin Rhoads · ‎02-09-2015

Are you talking about AnyConnect client-based remote access or clientless SSL VPN? You use different approaches for those and each requires a license on the ASA (AnyConnect Essentials or Premium).

Dave Kozlowski · ‎02-09-2015

Marvin,

I would either like to open a desktop connection put in a natted IP address and get to a server.

or

use Anyconnect and get the a lab backbone.

which ever would be the least intrusive and easiest to do?

Thanks

Dave

APPIREDDY · ‎02-09-2015

Hi,

I think one way of doing it is from IPSEC remote access client, connect to FW using IPSEC client ( don't think you need special license, but not sure) and then you can RDP to server.

Marvin Rhoads · ‎02-09-2015

If you have an ASA and no existing remote access VPN and the requirement is to reach a server or two behind the firewall, I'd say NATting the lab server(s) with an incoming access-list would be easiest.

If you want to access an indeterminate number of lab devices on varying TCP ports, then a remote access VPN would be easiest. If it's just for occasional use by 1-2 users, then you can use the free AnyConnect premium 2-user license.

You could also use the old Cisco IPsec VPN client (no license required at either client or ASA end); but that's being deprecated and doesn't officially support Windows 8 or other modern OS versions.

Dave Kozlowski · ‎02-10-2015

Thanks will work on this solution this week. One other question.

For services. If I want to add all services, do I have to list each one?

Thanks

Dave