
Dynamic RDP shortcuts for SSL VPN

I could swear I read somewhere that there was a way to configure the Cisco ACS server (or a RADIUS/LDAP AAA server) to pass an rdp:// type shortcut to the user's bookmarks when he/she logs into an SSL VPN portal and uses the AAA server to authenticate.  So for an example:

Sally is in accounting and so is Bill.  Both have SSL VPN access.  When Sally logs in to the VPN portal, a shortcut to create a Terminal Server connection to her specific workstation is there in her bookmarks.  Same for Bill, but Bill has a unique shortcut for his workstation.

Am I dreaming or was there a way to do this?

Thanks.

If this post answers your question or is helpful, please consider rating it and/or marking as answered.

Paul Carco
Level 1

You could do this with an LDAP Attribute map.  Create a separate URL-List (bookmarks) for the users and then use a field in AD to map to the Url List.

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/ref_extserver.html#wpxref12294

Thanks for the reply! This is something that I had considered -- but it would mean a separate bookmark for each user, no?  If you have several hundred users... this could be tedious, not to mention a nightmare to police.  I'm actually looking for a way to do this in a more dynamic fashion.


Yes that would certainly become unmanageable.  Maybe you were thinking of Macro Substitutions - which may work.

5    CSCO_WEBVPN_MACRO1    Set via RADIUS/LDAP vendor-specific attribute
6    CSCO_WEBVPN_MACRO2    Set via RADIUS/LDAP vendor-specific attribute

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/vpn_web.html#wp1160691

Certainly worth a second look, but at first glance I don't see how that would work since the substitution would have to be either a hostname or an IP address.  I guess if the hostname was based off their username it might work, but that's not the case here.

Is there a way to pass a URL list via RADIUS attributes?  Those would be dynamic... no?
