I've seen discussion elsewhere of using the ASA's WebVPN, and then using mstsc on Windows to send a normal RDP session through the VPN connection. Success is reported, but the recipe isn't spelled out. I get the notion that it should involve setting up port forwarding on the ASA. Then if for example the port forwarded is 50001, then this on the client system would connect through:
That's suggested at http://microsoft-server-operating-systems.hostweb.com/TopicMessages/microsoft.public.windows.terminal_services/781703/1/Default.aspx - there are similar partial reports elsewhere, such as at http://hardforum.com/showpost.php?p=1035146809&postcount=5.
In our case the administration of the Cisco is in other hands - we're in a hosted situation behind an ASA dedicated to our use. What exactly do we need to request of them to get regular Windows RDP working in this way? We've been trying the Java and ActiveX plugins, but those are limited in various ways and don't work consistently on all client systems, so we'd like to try using MS's RDP client instead. We're not in a situation to require our users to install VPN client software, so we need a way that works with the WebVPN. It's encouraging other people have this working. But we can't yet find where anyone's published a complete recipe in enough detail to pass on exact instructions to our third-party ASA admins.
Is port forwarding the key to this? Or would a "smart tunnel" be an option? Thanks for any advice.
Let's take a step back.
Port forwarding works very much like forwarding with SSH. You specify that a certain remote host/port will be available via this port locally (and yes, you connect via localhost:localport); a little Java applet does the rest.
Now, smart tunnel (for programs) is a trickier beast; it's basically causing all instances of a program to establish sockets via the tunnel.
Result? You specify you want to connect to something on the remote side as though the program would be remote. Not sure if it makes sense.
There's also smart tunneling of bookmarks and homepages, but that's a completely different matter.
If you're looking for something simple but maybe not so ... straightforward to use, port forwarding should be just fine.
I'm not familiar with limitations of running terminal services in a smart tunnel (not to say that there are none).
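
As an added illustration (not posted by either participant), the port-forwarding setup the answer describes would look roughly like this, assuming ASA 8.x clientless SSL VPN syntax. The list name RDP-FWD, the group policy name HOSTED-GP and the server address 192.0.2.10 are placeholders; local port 50001 is the one used in the question.

```cisco
! Assumed: ASA 8.x clientless SSL VPN (WebVPN) command syntax.
! RDP-FWD, HOSTED-GP and 192.0.2.10 are placeholders, not values from the thread.
!
! 1. Define the forwarding entry: the applet listens on the client at
!    local port 50001 and relays to the terminal server's RDP port 3389.
webvpn
 port-forward RDP-FWD 50001 192.0.2.10 3389 RDP to terminal server
!
! 2. Attach the list to the group policy the WebVPN users receive.
!    "enable" leaves it to the user to start the applet from the portal;
!    "auto-start" would launch it at login instead.
group-policy HOSTED-GP attributes
 webvpn
  port-forward enable RDP-FWD
```

Once the applet is running, the RDP client is pointed at the local listener, for example `mstsc /v:127.0.0.1:50001`. Restricting the list to the single host and port that is needed keeps the portal from becoming a general path into the hosted network.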