Re: Using RSA to Secure RDP

travis-dennis_2 · ‎08-29-2007

Hello fellow NetPros,

I have a need to enable RDP with a public IP address. There will be an ASA 5500 and a Cisco 2800 series router in front of the Terminal server. What I would like to do is when users attempt to RDP to that particular IP address they are prompted with a challenge for the RSA token. If they successfully enter the password they are then presented with the log-in to the terminal server. A Cisco engineer has told me that it can't be done. The ASA can only authenticate http, https, VPN and telnet traffic. Has any had a similar requirement and been able to make it work?

Also, the RSA agent can't be loaded onto the server directly. This would cause inside users to be challenged as well and that is something that we wish to avoid.

Thanks in advance. All replies will be rated.

acomiskey · ‎08-29-2007

"Although you can configure the security appliance to require authentication for network access to any protocol or service, users can authenticate directly with HTTP(S), Telnet, or FTP only. A user must first authenticate with one of these services before the security appliance allows other traffic requiring authentication."

So maybe remote desktop web connection is the answer for you.

Jagdeep Gambhir · ‎08-29-2007

Travis,

It should be possible using virtual telnet. You can force the ASA to require authentication before allowing access to RDP.

I'm not too sure if we can integrate RDP with RSA.

Regards,

~JG

magurwara · ‎09-25-2007

If RSA authentication is required for RDP, simply install the RSA client on the target machine and set appropriate challenge settings i.e. which users or groups to challenge.

Hope that helps.

MAG