WebVPN Auto-Signon with RDP

Answered Question
Mar 28th, 2010
User Badges:

Hello,

I have a question about WebVPN and AutoSignon.


We have an ASA5510 and we use the SSL WebVPN. We are developing a terminal server for application access and are connecting to it with the webvpn. However, I'd like to use auto-signon. We are using LDAP authentication to sign into the webvpn. In other enviornments, I have used auto-signon to access web pages. I am just not sure how to do it with RDP, or if it can be done with rdp. The terminal server is going to be running windows server 2008 & I am assuming that we will need to modify some of the terminal services policies to allow the credentials to pass through. We'd like to not require the user to input username and password again.


I've also used the ASA RDP client.


We aren't using single-sign on, ie we don't have any kind of third party protect running. We just use the ASA & Active directory.


So, has anyone ever done any kind of auto-signon with RDP?


As a added benefit, it would be good to integrate TS Remote Apps with the WebVPN. TS Remote apps creates a rdp file that would execute a single application on the terminal server. While it's actually an rdp session, it appears to the end user as a locally installed application. Does anyone have any experience with appling a predefined RDP file or a TS Remtoe app to the webvpn?


Just to shore up my understanding, when you access the rdp client with the webvpn, is the ASA running it's own RDP client or is it accessing the RDP client on the web-client's computer?


And, does anyone know of any documents that describes all the parameters that can be used on the WebVPN RDP client? Maybe there are some other parameters in there that would help.


Thanks,

Ben

Correct Answer by Jennifer Halim about 7 years 3 months ago

RDP Plugin supports single sign on (SSO) feature.


Here is the URL for your reference (it also explains about the plugin itself and SSO):

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/webvpn.html#wp1292744


Here is the auto-sign-on sample configuration:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9ff.shtml


Hope that helps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jennifer Halim Sun, 03/28/2010 - 17:38
User Badges:
  • Cisco Employee,

RDP Plugin supports single sign on (SSO) feature.


Here is the URL for your reference (it also explains about the plugin itself and SSO):

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/webvpn.html#wp1292744


Here is the auto-sign-on sample configuration:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008067e9ff.shtml


Hope that helps.

Benjamin Waldon Wed, 04/07/2010 - 19:01
User Badges:

Thanks Alot, but I am still having some trouble with the Auto Signon.


I got the client downloaded, configured, etc. However, the autosignon isn't working.


If I enable POST parameters from within the ASDM for the bookmark, I get an error through the webvpn.


     these are the parameters:

     Name                       Value

     username                 CSCO_WEBVPN_USERNAME

     password                  CSCO_WEBVPN_PASSWORD

     destination                192.168.2.1


     192.168.2.1 is the ip address of the terminal server.


     the error that I get in the webvpn is Can not find server .plugins. or DNS error. However, if I remove the post parameters I at least get to the login screen of the terminal server.



I also have the following commands applied:

auto-signon allow ip 192.168.2.1 255.255.255.255 auth-type ntlm
smart-tunnel auto-signon RDP ip 192.168.2.1 255.255.255.255


Any Suggestions?


Thanks,

Ben

Benjamin Waldon Wed, 04/07/2010 - 19:49
User Badges:

Thanks Again for the info. I called the TAC and we got it to work with the &csco_sso=1parameter in the bookmark.


Next question is whether or not there is a parameter for color depth.

Terry Fri, 08/06/2010 - 05:29
User Badges:

Hi Benjamin


I'm having some similar problems to the details you posted here, can you please clarify where you entered '&csco_sso=1parameter' and did you keep the following config under the post parameters:


Name                       Value

     username                 CSCO_WEBVPN_USERNAME

     password                  CSCO_WEBVPN_PASSWORD

     destination                192.168.2.1


Kind Regards

Terry

Benjamin Waldon Tue, 08/10/2010 - 08:28
User Badges:

Terry,

I put those parameters in the address feild of the link.


No, I don't believe I kept those other post parameters.

Actions

This Discussion

Related Content