Hello,

We already have ssh to Linux boxes enabled via Remote Access VPN configured on ASA device (configuration below). How can we enable Windows Remote Desktop on Windows Machines.

Secondly, even though I can ssh into the servers via Remote Access VPN, if I do 'telnet x.x.x.x 22' after getting connected via VPN, it gets blocked. Why is it so ?

Thanks.

!

interface GigabitEthernet0/0

nameif outside

security-level 100

ip address 1.1.1.100 255.255.255.0

!

interface GigabitEthernet0/1

speed 1000

duplex full

nameif inside

security-level 100

ip address 10.0.0.100 255.255.255.0

!

passwd xxxxxxxx encrypted

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

access-list 22 extended permit ip any any

access-list 33 extended permit ip any any

access-list inside_nat0_outbound extended permit ip any 10.0.0.128 255.255.255.128

access-list cisco1_splitTunnelAcl standard permit any

mtu outside 1300

mtu inside 1500

ip local pool pool1 10.0.0.180-10.0.0.210 mask 255.255.255.0

ip verify reverse-path interface outside

ip verify reverse-path interface inside

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

access-group 22 in interface outside

access-group 33 in interface inside

route outside 0.0.0.0 0.0.0.0 1.1.1.120 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

sysopt connection tcpmss 1300

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto dynamic-map outside_dyn_map 20 set pfs

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 40 set pfs

crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 20

management-access outside

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

!

service-policy global_policy global

group-policy cisco internal

group-policy cisco attributes

vpn-simultaneous-logins 50

vpn-tunnel-protocol IPSec

split-tunnel-network-list value cisco1_splitTunnelAcl

group-policy cisco1 internal

group-policy cisco1 attributes

dns-server value 195.29.72.20

vpn-simultaneous-logins 50

vpn-tunnel-protocol IPSec

split-tunnel-network-list value cisco1_splitTunnelAcl

username cisco password xxxxxxxx encrypted privilege 0

username cisco attributes

vpn-group-policy cisco

username admin password xxxxxxxx encrypted privilege 15

tunnel-group cisco type ipsec-ra

tunnel-group cisco general-attributes

address-pool pool1

default-group-policy cisco

tunnel-group cisco ipsec-attributes

pre-shared-key *

tunnel-group cisco1 type ipsec-ra

tunnel-group cisco1 general-attributes

address-pool pool1

default-group-policy cisco1

tunnel-group cisco1 ipsec-attributes

pre-shared-key *

prompt hostname context

: end