RDP into Cisco VPN client

Unanswered Question
Dec 30th, 2008

Hi,

This is a curly one.

Basically, we've got some staff working from home and they normally use a Cisco VPN client to access the corporate network.

To support these users, the desktop team wants to know if they can RDP into these PCs connected via the Cisco VPN client SW.

I've tested this out and it doesn't seem to work. I suspect it's not possible, but want a confirmation or to see what other people's findings are.

thanks.

cscbrannent Wed, 12/31/2008 - 04:45

I think yes, you should be able to. If the Cisco client can ping the desktop, then there's network connectivity. Then, if the desktop folks can ping the Cisco client, then they can initiate a session.

We do something similar, with a 3rd party remote control company - logmeinrescue.com. It's sort of like "go to my pc".

I can get out and remote control them and start their session, then I get dropped. However, the session picks back up again, when the traffic gets "rerouted" to go through their vpn tunnel instead of being outside it.

You're using a full layer 3 connection, right, not the webvpn?

Hope this helps.

Brannen

jason.tam Thu, 01/01/2009 - 15:50

Hi Brannen,

To assist users, the desktop team wants to use their corporate PC and RDP to the home notebook (when it's connected via Cisco VPN client SW).

Cheers.

Richard Burts Thu, 01/01/2009 - 19:57

Jason

Can you verify that the laptop that you attempted to test with for RDP is configured to facilitate RDP access? I recently encountered a problem which turned out to be that the laptop was refusing RDP because it was not configured to accept RDP (or that its firewall was not configured to accept RDP).

HTH

Rick

jason.tam Thu, 01/01/2009 - 23:21

Yeah, the RDP works.

I tested this with a local PC on the same wire (while the VPN is not connected of course).

Cheers.

jason.tam Thu, 07/02/2009 - 16:38

Found the problem on the ASA.

It had.. which was also causing the drops.

aaa authentication include tcp/0 Inside-DMZ-14 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AU_Act-Dir

So the solution is to apply an exception rule.

aaa authentication exclude tcp/3389 Inside-DMZ-14 10.1.114.0 255.255.255.0 10.1.204.0 255.255.255.0 AU_Act-Dir

PS. previously I had

aaa authentication match Inside-DMZ-14_authentication.... but the "match" statement does not work with the exclude.. so I had to convert this into "include"

Hope this helps.
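
An added example, not part of the original post and not Cisco's code: a small Python model of how the include and exclude lines quoted above combine, so the exemption can be checked to cover only TCP/3389 between the two /24 networks and nothing wider. It assumes a matching exclude overrides a matching include, that port 0 means all ports, and that the first address/mask pair is the side behind the named interface; the host addresses used to exercise it are constructed.

```python
import ipaddress

# The two rules quoted in the post above, copied verbatim.
RULES = """\
aaa authentication include tcp/0 Inside-DMZ-14 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AU_Act-Dir
aaa authentication exclude tcp/3389 Inside-DMZ-14 10.1.114.0 255.255.255.0 10.1.204.0 255.255.255.0 AU_Act-Dir
"""

def parse_rules(text):
    """Parse 'aaa authentication include|exclude' lines in the form shown in the post."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 10 or f[:2] != ["aaa", "authentication"]:
            continue  # not one of the rule lines
        if f[2] not in ("include", "exclude"):
            continue  # 'match' (ACL-based) rules are out of scope here
        proto, port = f[3].split("/")
        rules.append({
            "action": f[2], "proto": proto, "port": int(port), "ifname": f[4],
            # Assumption: first pair = hosts behind ifname, second pair = far end.
            "local": ipaddress.ip_network(f"{f[5]}/{f[6]}"),
            "foreign": ipaddress.ip_network(f"{f[7]}/{f[8]}"),
            "server": f[9],
        })
    return rules

def _matches(rule, ifname, local_ip, foreign_ip, proto, port):
    # Port 0 in a rule is treated as "every port".
    return (rule["ifname"] == ifname and rule["proto"] == proto
            and rule["port"] in (0, port)
            and ipaddress.ip_address(local_ip) in rule["local"]
            and ipaddress.ip_address(foreign_ip) in rule["foreign"])

def requires_auth(rules, ifname, local_ip, foreign_ip, proto, port):
    """True if the flow hits an include rule and no exclude rule."""
    hits = [r["action"] for r in rules
            if _matches(r, ifname, local_ip, foreign_ip, proto, port)]
    return "include" in hits and "exclude" not in hits

def exempt_scope(rules):
    """List (proto, port, local net, foreign net) that bypasses authentication."""
    return [(r["proto"], r["port"], str(r["local"]), str(r["foreign"]))
            for r in rules if r["action"] == "exclude"]

if __name__ == "__main__":
    rs = parse_rules(RULES)
    print("unauthenticated scope:", exempt_scope(rs))
    # Constructed hosts inside the two subnets named in the exclude rule.
    print("RDP needs auth:", requires_auth(rs, "Inside-DMZ-14", "10.1.114.25", "10.1.204.10", "tcp", 3389))
```

Running the same check against a port other than 3389, or a source outside 10.1.114.0/24, confirms those flows still fall under the include rule.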
