Using RSA to Secure RDP

Unanswered Question
Aug 29th, 2007
User Badges:
  • Gold, 750 points or more

Hello fellow NetPros,

I have a need to enable RDP with a public IP address. There will be an ASA 5500 and a Cisco 2800 series router in front of the Terminal server. What I would like to do is when users attempt to RDP to that particular IP address they are prompted with a challenge for the RSA token. If they successfully enter the password they are then presented with the log-in to the terminal server. A Cisco engineer has told me that it can't be done. The ASA can only authenticate http, https, VPN and telnet traffic. Has any had a similar requirement and been able to make it work?

Also, the RSA agent can't be loaded onto the server directly. This would cause inside users to be challenged as well and that is something that we wish to avoid.

Thanks in advance. All replies will be rated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
acomiskey Wed, 08/29/2007 - 12:18
User Badges:
  • Green, 3000 points or more

"Although you can configure the security appliance to require authentication for network access to any protocol or service, users can authenticate directly with HTTP(S), Telnet, or FTP only. A user must first authenticate with one of these services before the security appliance allows other traffic requiring authentication."

So maybe remote desktop web connection is the answer for you.

Jagdeep Gambhir Wed, 08/29/2007 - 12:25
User Badges:
  • Red, 2250 points or more


It should be possible using virtual telnet. You can force the ASA to require authentication before allowing access to RDP.

I'm not too sure if we can integrate RDP with RSA.



magurwara Tue, 09/25/2007 - 01:57
User Badges:

If RSA authentication is required for RDP, simply install the RSA client on the target machine and set appropriate challenge settings i.e. which users or groups to challenge.

Hope that helps.



This Discussion