03-31-2009 01:46 PM - edited 03-11-2019 08:13 AM
How can I allow an in-bound RDP connection over SSH on my ASA 5520?
04-06-2009 07:52 AM
Use the SSL tab of the Add/Edit Connection Profile dialog box to configure the WINS servers for the connection profile policy, select a customized look and feel for the SSL VPN end-user logon web page, DHCP servers to be used for client address assignment, and establish an association between an interface and client IP address pools.
Navigation Path
1. In Device View, select an ASA device.
2. Select Remote Access VPN > Connection Profiles from the Policy selector.
3. Click Create or Edit.
4. Select the SSL tab.
04-07-2009 12:00 PM
First off, thanks for the reply!
This connection is not through a VPN tunnel. We have an entity that connects to a system directly via SSH. Before we switched over to the ASA this entity could tunnel an RDP session over port 22 (SSH). It would appear that the ASA is looking at the packets and seeing that they are not true SSH packets and dropping them.
04-14-2009 12:59 PM
Hi,
I have found that the Cisco implementation of SSH server version 2 on ASA/PIX platforms suffers either from a bug or intentional/unintentional design where it can't/won't allocate more than a single channel per SSH version 2 connection.
I have seen SSH tunneling work on ASA/PIX platforms running SSH version 1 however.
Hope this helps and please award points if helpful.
04-14-2009 10:14 PM
Hard to believe - SSH encrypts payload, so ASA can't really see what is inside - only ports and that it is SSH headers.
04-15-2009 07:21 AM
When the SSH session terminates on the ASA, its SSH daemon will see the attempt to tunnel application traffic over the SSH session and attempt to open another SSH connection.