Restrict RDP access with local credentials

Unanswered Question
Mar 11th, 2010

I have a client who is using an ASA5510 and wants to limit RDP access to a specific server by login credentials.  They don't use any AAA servers for authentication now, just local accounts created on the firewall.  Configuring the static NAT and the ACL to allow RDP to the server from the outside isn't an issue but I don't know how to make the firewall check for credentials before it allows the connection.  Is this possible?  If so, can I use local users?

Federico Coto F... Fri, 03/12/2010 - 14:33

Hi,

It seems that you're looking for the ASA Firewall Session Authentication feature (cut-through proxy features on PIX).

It requires the user to authenticate before passing any traffic through the ASA.

The only issue is that you do need a AAA server.  Can't be done against the local database.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

Federico.
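
The session-authentication (cut-through proxy) setup named in the answer above, sketched as an added example that is not part of the original thread or of the linked Cisco document. It assumes ASA software earlier than 8.3 (so the ACL matches the server's public address), a RADIUS server on the inside, and placeholder names, addresses, port and shared secret throughout.

```text
! Constructed example. All names, addresses and the port are placeholders:
!   203.0.113.10 = public (mapped) address of the RDP server
!   192.0.2.10   = RADIUS server reachable through the inside interface
!
! 1. Define the AAA server group the ASA will check credentials against.
aaa-server RDP_AUTH protocol radius
aaa-server RDP_AUTH (inside) host 192.0.2.10
 key <shared-secret>
!
! 2. Select the traffic that requires authentication before it is forwarded.
!    This ACL only selects traffic for AAA; the interface ACL and static NAT
!    that permit RDP to the server stay as already configured.
access-list OUTSIDE_AUTHEN extended permit tcp any host 203.0.113.10 eq 3389
aaa authentication match OUTSIDE_AUTHEN outside RDP_AUTH
!
! 3. The ASA can only prompt inside HTTP, HTTPS, Telnet or FTP sessions.
!    RDP cannot carry the prompt, so expose an HTTPS login page on the
!    outside interface where users authenticate first.
aaa authentication listener https outside port 1443
!
! 4. How long an authenticated source address stays authorised (hh:mm:ss).
timeout uauth 0:30:00 absolute
```

Users first log in at `https://<outside-interface-ip>:1443/netaccess/connstatus.html`; the ASA then forwards RDP from that source address until the uauth timer expires. Authentication is tracked per source IP address, so everyone behind the same NAT address shares one authenticated session.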
