Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
335
Views
5
Helpful
1
Replies

WEBVPN and rdp and port forwarding

joe.cornelson
Level 1
Level 1

‎06-09-2007 07:43 PM

I have difficulty understanding certain aspects of port forwarding with ASA and webvpn. When doing port forwarding does a java client need to be 'downloaded' from the ASA or do some applications not require the java download but still need port forwarding? I am specifically referring to rdp and terminal services.

Also, is it necessary to use a webtype acl? If I use a webtype acl...which IP do I use....the 127.0.0.1 which is used to gain access to the server....or is it the server's static, private IP address, or is it the public IP address?

Thanks for your help. I have a great deal of experience with ipsec site-to-site and dynamic vpn tunnels....but am having difficulty with the ssl vpns.

Thanks,

Jim

Labels:
0 Helpful
1 Reply 1

ggilbert
Cisco Employee
Cisco Employee

‎06-11-2007 01:25 PM

Jim,

With regard to webvpn port-forwarding, once the user connects, there is a java window thats launched of the port forwarding part. The java window is launched locally from the PC. Its not pushed down to the PC from the ASA. Only the port forwarding information is pushed down.

webtype ACL is configured if you want the users to access only certain type of web sites or only certain networks on your internal site through the application/URL launch box.

IF you plan to use webtype ACL, you have to use the IP address that needs to be accessed by the client, not the 127.0.0.1 address.

Servers private IP address can be used if you are planning on using webtype ACL.

Hope this explains.

Cheers,

Gilbert

Customers Also Viewed These Support Documents