cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1054
Views
0
Helpful
8
Replies

RDP into Cisco VPN client

jason.tam
Level 1
Level 1

Hi,

This is a curly one.

Basically, we've got some staff working from home and they normally use a Cisco VPN client to access the corporate network.

To support these users, the desktop team wants to know if they can RDP into these PC connected via cisco VPN client SW.

I've tested this out and doesn't seem to work. I suspect its not possible, but want a confirmation or see what other people's findings are.

thanks.

8 Replies 8

cscbrannent
Level 1
Level 1

I think yes, you should be able to. If the cisco client can ping the desktop, then there's network connectivity. Then, if the desktop folks can ping the cisco client, then they can initiate a session.

We do something similar, with a 3rd party remote control company - logmeinrescue.com. It's sort of like "go to my pc".

I can get out and remote control them and start their session, then I get dropped. However, the session picks back up again, when the traffic gets "rerouted" to go through their vpn tunnel instead of being outside it.

You're using a full layer 3 connection, right, not the webvpn?

Hope this helps.

Brannen

Hi Brannen,

To assist users, the desktop team wants to use their corporate PC and RDP to the home notebook. (when its connected via Cisco VPN client SW).

Cheers.

I think it should work.

Jason

Can you verify that the laptop that you attempted to test with for RDP is configured to facilitate RDP access. I recently encountered a problem which turned out to be that the laptop was refusing RDP because it was not configured to accept RDP (or that its firewall was not configured to accept RDP).

HTH

Rick

HTH

Rick

yeah, the RDP works.

I tested this with a local PC on the same wire (while the VPN is not connected of course).

Cheers.

that's defintly possible. what device are you using? Router, asa, pix?

make sure you don't block the traffic to the clients

Found the problem on the ASA.

It had.. which was also causing the drops.

aaa authentication include tcp/0 Inside-DMZ-14 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AU_Act-Dir

So the solution is to apply an exception rule.

aaa authentication exclude tcp/3389 Inside-DMZ-14 10.1.114.0 255.255.255.0 10.1.204.0 255.255.255.0 AU_Act-Dir

PS. previously I had

aaa authentication match Inside-DMZ-14_authentication.... but the "match" statement does not work with the exclude.. so I had to convert this into "include"

hope tihs helps.

jason.tam
Level 1
Level 1

Found the problem on the ASA.

It had.. which was also causing the drops.

aaa authentication include tcp/0 Inside-DMZ-14 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AU_Act-Dir

So the solution is to apply an exception rule.

aaa authentication exclude tcp/3389 Inside-DMZ-14 10.1.114.0 255.255.255.0 10.1.204.0 255.255.255.0 AU_Act-Dir

PS. previously I had

aaa authentication match Inside-DMZ-14_authentication.... but the "match" statement does not work with the exclude.. so I had to convert this into "include"

hope tihs helps.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: