cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
508
Views
0
Helpful
1
Replies
Highlighted
Beginner

Is that posible to inspect RDP on ASA5585-X

user from home PC via Anyconnect making RDP session to work PC, on this PC Microsoft policy allow making disk mappind via RDP. Is that posible to inspect this traffic and deny this(disk mapping) action on ASA5585-X with IPS?

1 REPLY 1
Highlighted
Hall of Fame Guru

Unfortunately RDP is not among the supported application inspection types. (Reference)

You'd have to identify something unique to those TCP sessions and key on that to prevent it. If it's indeed all tcp 3389 and you only want to disallow the disk mapping feature but not all RDP, it may not be possible with ASA and IPS alone. It'd be more a job for something like CX or WSA.