
Allowing RDP tunnel over SSH

BEHowardGRDA
Level 1

How can I allow an in-bound RDP connection over SSH on my ASA 5520?

5 Replies

smalkeric
Level 6

Use the SSL tab of the Add/Edit Connection Profile dialog box to configure the WINS servers for the connection profile policy, select a customized look and feel for the SSL VPN end-user logon web page, DHCP servers to be used for client address assignment, and establish an association between an interface and client IP address pools.

Navigation Path

1. In Device View, select an ASA device.

2. Select Remote Access VPN > Connection Profiles from the Policy selector.

3. Click Create or Edit.

4. Select the SSL tab.

First off thanks for the reply!

This connection is not through a VPN tunnel. We have an entity that connects to a system directly via SSH. Before we switched over to the ASA this entity could tunnel an RDP session over port 22 (SSH). It would appear that the ASA is looking at the packets and seeing that they are not true SSH packets and dropping them.

Hi,

I have found that the Cisco implementation of SSH server version 2 on ASA/PIX platforms suffers either from a bug or intentional/unintentional design where it can't/won't allocate more than a single channel per SSH version 2 connection.

I have seen SSH tunneling work on ASA/PIX platforms running SSH version 1 however.

Hope this helps and please award points if helpful.

Hard to believe - SSH encrypts payload, so ASA can't really see what is inside - only ports and that it is SSH headers.

When the SSH session terminates on the ASA, its SSH daemon will see the attempt to tunnel application traffic over the SSH session and attempt to open another SSH connection.
