Restrict RDP access with local credentials

Mar 11th, 2010

I have a client who is using an ASA5510 and wants to limit RDP access to a specific server by login credentials. They don't use any AAA servers for authentication now, just local accounts created on the firewall. Configuring the static NAT and the ACL to allow RDP to the server from the outside isn't an issue, but I don't know how to make the firewall check for credentials before it allows the connection. Is this possible? If so, can I use local users?

Federico Coto F... Fri, 03/12/2010 - 14:33

It seems that you're looking for the ASA Firewall Session Authentication feature (cut-through proxy features on PIX).

It requires the user to authenticate before passing any traffic through the ASA.

The only issue is that you do need a AAA server. Can't be done against the local database.
