Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5394
Views
0
Helpful
5
Replies

WebVPN Auto-Signon with RDP

Go to solution
Benjamin Waldon
Level 1
Level 1

‎03-28-2010 07:39 AM

Hello,

I have a question about WebVPN and AutoSignon.

We have an ASA5510 and we use the SSL WebVPN. We are developing a terminal server for application access and are connecting to it with the webvpn. However, I'd like to use auto-signon. We are using LDAP authentication to sign into the webvpn. In other enviornments, I have used auto-signon to access web pages. I am just not sure how to do it with RDP, or if it can be done with rdp. The terminal server is going to be running windows server 2008 & I am assuming that we will need to modify some of the terminal services policies to allow the credentials to pass through. We'd like to not require the user to input username and password again.

I've also used the ASA RDP client.

We aren't using single-sign on, ie we don't have any kind of third party protect running. We just use the ASA & Active directory.

So, has anyone ever done any kind of auto-signon with RDP?

As a added benefit, it would be good to integrate TS Remote Apps with the WebVPN. TS Remote apps creates a rdp file that would execute a single application on the terminal server. While it's actually an rdp session, it appears to the end user as a locally installed application. Does anyone have any experience with appling a predefined RDP file or a TS Remtoe app to the webvpn?

Just to shore up my understanding, when you access the rdp client with the webvpn, is the ASA running it's own RDP client or is it accessing the RDP client on the web-client's computer?

And, does anyone know of any documents that describes all the parameters that can be used on the WebVPN RDP client? Maybe there are some other parameters in there that would help.

Thanks,

Ben

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎03-28-2010 05:38 PM

RDP Plugin supports single sign on (SSO) feature.

Here is the URL for your reference (it also explains about the plugin itself and SSO):

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/webvpn.html#wp1292744

Here is the auto-sign-on sample configuration:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9ff.shtml

Hope that helps.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎03-28-2010 05:38 PM

RDP Plugin supports single sign on (SSO) feature.

Here is the URL for your reference (it also explains about the plugin itself and SSO):

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/webvpn.html#wp1292744

Here is the auto-sign-on sample configuration:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9ff.shtml

Hope that helps.

0 Helpful

Go to solution
Benjamin Waldon
Level 1
Level 1
In response to Jennifer Halim

‎04-07-2010 07:01 PM

Thanks Alot, but I am still having some trouble with the Auto Signon.

I got the client downloaded, configured, etc. However, the autosignon isn't working.

If I enable POST parameters from within the ASDM for the bookmark, I get an error through the webvpn.

     these are the parameters:

     Name                       Value

     username                 CSCO_WEBVPN_USERNAME

     password                  CSCO_WEBVPN_PASSWORD

     destination                192.168.2.1

     192.168.2.1 is the ip address of the terminal server.

     the error that I get in the webvpn is Can not find server .plugins. or DNS error. However, if I remove the post parameters I at least get to the login screen of the terminal server.

I also have the following commands applied:

auto-signon allow ip 192.168.2.1 255.255.255.255 auth-type ntlm
smart-tunnel auto-signon RDP ip 192.168.2.1 255.255.255.255

Any Suggestions?

Thanks,

Ben

0 Helpful

Go to solution
Benjamin Waldon
Level 1
Level 1
In response to Jennifer Halim

‎04-07-2010 07:49 PM

Thanks Again for the info. I called the TAC and we got it to work with the &csco_sso=1parameter in the bookmark.

Next question is whether or not there is a parameter for color depth.

0 Helpful

Go to solution
Terry
Level 1
Level 1
In response to Benjamin Waldon

‎08-06-2010 05:29 AM

Hi Benjamin

I'm having some similar problems to the details you posted here, can you please clarify where you entered '&csco_sso=1parameter' and did you keep the following config under the post parameters:

Name                       Value

     username                 CSCO_WEBVPN_USERNAME

     password                  CSCO_WEBVPN_PASSWORD

     destination                192.168.2.1

Kind Regards

Terry

0 Helpful

Go to solution
Benjamin Waldon
Level 1
Level 1
In response to Terry

‎08-10-2010 08:28 AM

Terry,

I put those parameters in the address feild of the link.

No, I don't believe I kept those other post parameters.

0 Helpful
Customers Also Viewed These Support Documents