WEBVPN and rdp and port forwarding

Jun 9th, 2007

I have difficulty understanding certain aspects of port forwarding with ASA and WebVPN. When doing port forwarding, does a Java client need to be 'downloaded' from the ASA, or do some applications not require the Java download but still need port forwarding? I am specifically referring to RDP and terminal services.

Also, is it necessary to use a webtype ACL? If I use a webtype ACL... which IP do I use... the which is used to gain access to the server... or is it the server's static, private IP address, or is it the public IP address?

Thanks for your help. I have a great deal of experience with IPsec site-to-site and dynamic VPN tunnels... but am having difficulty with the SSL VPNs.



Overall Rating: 5 (1 ratings)
ggilbert Mon, 06/11/2007 - 13:25
User Badges: Cisco Employee


With regard to WebVPN port forwarding, once the user connects, there is a Java window that's launched of the port forwarding part. The Java window is launched locally from the PC. It's not pushed down to the PC from the ASA. Only the port forwarding information is pushed down.

A webtype ACL is configured if you want the users to access only certain types of web sites or only certain networks on your internal site through the application/URL launch box.

If you plan to use a webtype ACL, you have to use the IP address that needs to be accessed by the client, not the address.

The server's private IP address can be used if you are planning on using a webtype ACL.

Hope this explains.
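
The following configuration sketch is an added example, not part of the reply above and not taken from the poster's device. It shows a port-forwarding entry for RDP paired with a webtype ACL that names the server's private IP address. It assumes ASA 7.x clientless WebVPN syntax (later releases changed the group-policy commands); the address 10.1.1.10, the local port 33890 and the names RDP-ONLY, RDP-PF and WEBVPN-GP are constructed for illustration.

```cisco
! Constructed values: 10.1.1.10 is the terminal server's private IP,
! 33890 is the local port the user's RDP client connects to.
! Assumed syntax: ASA 7.x clientless WebVPN; check the command
! reference for the release actually in use.

! Webtype ACL: permit only RDP (TCP/3389) to the server's private address.
access-list RDP-ONLY webtype permit tcp host 10.1.1.10 eq 3389

! Port-forwarding list: local port -> server's private IP and port.
webvpn
 port-forward RDP-PF 33890 10.1.1.10 3389 Terminal Services

! Attach both to the group policy used by the WebVPN users.
group-policy WEBVPN-GP attributes
 webvpn
  functions port-forward filter
  filter value RDP-ONLY
  port-forward value RDP-PF
```

The ACL entry and the port-forwarding entry both reference the same private address, so the filter matches the destination the ASA actually connects to on the user's behalf.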



