ASA Clientless SSL VPN RDP Port Forwarding and DNS
We're experiencing an issue on our Corporate network, connecting to an external Supplier. The external Supplier uses an AnyConnect device with a frontend; after logging in, they then appear to use the AnyConnect RDP Port Forwarding functionality (sorry, I don't know the official Cisco product name for this "AnyConnect SSL Clientless VPN"?).
Access to this Supplier Site works fine from a typical ADSL Network, and other locations - but not on our Corporate network. This access appears to do some "magic" on the PC, which causes the RDP Traffic destined for 220.127.116.11 to be Port Forwarded through to the Supplier's ASA, which then translates the flow to the Actual 10.205.x.x IP address of the RDP Server in their estate.
On our Corporate estate, we make use of Websense proxies - explicitly pointed to by a WPAD/PAC file - and importantly, the WPAD/PAC also proxies all DNS requests to external websites. To reiterate, our Corporate internal DNS servers do not resolve external DNS entries - Internet access works fine to external websites, it is just that the original DNS request is also proxied via the Websense proxy, which then makes the DNS lookup (and HTTP/HTTPS proxying) on the client's behalf.
When I've Wiresharked this flow, it appears that subsequent DNS lookups - once the AnyConnect session is created - to the Supplier's website fail. I assume what the SSL VPN Port Forwarding Java/ActiveX Client does is to hijack these DNS lookups, and redirect them to 127.1.2.3 - to force them via the Port Forwarding "Tunnel"?
If so, can you please advise what client-side (or Supplier server-side) changes we need to make, given that our internal DNS servers cannot be made to resolve external domain names (those outside our Corporate/Company internal hostnames)? Or is this a known bug?
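The following is an added example, not code from the original post and not a Cisco-supplied PAC. It sketches how a WPAD/PAC file could be written so that a hostname the port forwarder has pointed at a loopback address is sent DIRECT rather than handed to the Websense proxy for resolution. It assumes (these are assumptions, not facts from the post) that the proxy is reachable as proxy.example.corp:8080, that the forwarder rewrites the local hosts file so the supplier hostname rdp.supplier.example resolves to 127.1.2.3, and that the corporate domain is example.corp. The dnsResolve/isInNet/dnsDomainIs helpers are constructed stand-ins for the functions a real PAC runtime provides, so the file runs stand-alone under Node.

```javascript
// Added example (not from the original post or from Cisco): a PAC file that
// bypasses the proxy for names the SSL VPN port forwarder maps to loopback.

// Constructed stand-in for the client's hosts file. A real PAC runtime resolves
// via the OS, which consults the hosts file before DNS; here we emulate that.
const HOSTS = {
  "rdp.supplier.example": "127.1.2.3",    // mapping assumed to be added by the forwarder
  "intranet.example.corp": "10.20.30.40", // ordinary internal host (constructed)
};

// Emulation of the PAC built-in dnsResolve(): hosts-file lookup only, no
// external DNS, mirroring a client whose internal resolvers do not resolve
// Internet names.
function dnsResolve(host) {
  return Object.prototype.hasOwnProperty.call(HOSTS, host) ? HOSTS[host] : null;
}

// Dotted-quad to unsigned 32-bit integer.
function ipToInt(ip) {
  return ip.split(".").reduce((acc, octet) => (acc << 8) + Number(octet), 0) >>> 0;
}

const IPV4_LITERAL = /^\d{1,3}(\.\d{1,3}){3}$/;

// Emulation of the PAC built-in isInNet(): accepts an IP literal or a hostname
// (which is resolved first) and tests it against net/mask.
function isInNet(hostOrIp, net, mask) {
  const addr = IPV4_LITERAL.test(hostOrIp) ? hostOrIp : dnsResolve(hostOrIp);
  if (addr === null) return false;
  const m = ipToInt(mask);
  return (ipToInt(addr) & m) === (ipToInt(net) & m);
}

// Emulation of the PAC built-in dnsDomainIs().
function dnsDomainIs(host, domain) {
  return host.length >= domain.length && host.slice(-domain.length) === domain;
}

// The function every PAC file must export.
function FindProxyForURL(url, host) {
  // Corporate names resolve on the internal DNS: no proxy needed.
  if (dnsDomainIs(host, ".example.corp")) return "DIRECT";

  // A loopback literal (e.g. https://127.1.2.3:8443/) or a hostname that the
  // port forwarder has pointed at 127.0.0.0/8 in the hosts file must go DIRECT,
  // otherwise the proxy resolves the name on the Internet and the local
  // listener is never reached.
  if (isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";

  // Everything else is resolved and fetched by the Websense proxy on the
  // client's behalf (assumed proxy address).
  return "PROXY proxy.example.corp:8080";
}
```

Two caveats when applying this: a PAC only governs browser and WinHTTP/WinINET traffic, so the RDP client's own connection to the loopback listener is unaffected by it; and the hosts-file behaviour is an assumption that should be confirmed by inspecting the client's hosts file while the port forwarding applet is running.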