- Bronze, 100 points or more
This is probably not the right forum for this question, but I'm going to give it a shot. I've searched around a bit and haven't been able to find a good answer.
I've noticed when first trying to use the Terminal Server function of the SSL VPN via your browser, that installing the Active X control is very buggy. On just about every machine I've done it on, you must right click and install several times for it to actually work.
Does anybody know of a better way of doing this? I don't really care for useing the Java option because it lacks full screen capability (at least easily). Where can I download the actual IE addon from? Also, how is this control being called and where is it being called from? I didn't upload anything to flash on our ASA except for the Proper Java RDP plugin.
Thanks for any insight.
I haven't seen this same behavior where you must install the RDP plugin ActiveX control multiple times. Is it possible that you or your IT security admins could be deleting this plugin along with other browser temporary files and objects on a regular basis? Or maybe your browser is tightly controlled and locked down by an AD GPO.
The best way to get this working is to add the ASA as a trusted site within IE. By doing this you allow the browser permission to run activex controls and content from the ASA that IE otherwise would classify as a security vulnerability in order to avoid browser exploits.
The ActiveX control is automatically pushed down from the ASA at the time you browse to a url with the format RDP://. On Windows XP it is saved in C:\WINDOWS\Downloaded Program Files. You can find all the plugins currently installed in your browser from IE > Tools > Internet Options > General > Browsing History Settings > View objects.
The filename is "CISCO Portforwarder Control". If you're running a relatively recent ASA image (184.108.40.206,8.2.2, 8.3.1)you should see version 1,0,0,7 pushed down to you. If you copy the file from an already installed PC you should probably be able to install it on any other PC. But this shouldn't be necessary as the latest version will be pushed to you upon initiating a webvpn RDP session using the ASA.
The control is called from the ASA software image as opposed to being part of the RDP plugin. This is why upgrading ASA images gets you past known issues with the using RDP through webvpn such as..
CSCsx49794 Webvpn: RDP Plugin does not work with ActiveX with large cert chain
CSCtc70548 WebVPN: Cisco Port Forwarder ActiveX does not get updated automatically