Cisco Support Community
New Member

Allowing RDP tunnel over SSH

How can I allow an in-bound RDP connection over SSH on my ASA 5520?

5 REPLIES
Silver

Re: Allowing RDP tunnel over SSH

Use the SSL tab of the Add/Edit Connection Profile dialog box to configure the WINS servers for the connection profile policy, select a customized look and feel for the SSL VPN end-user logon web page, DHCP servers to be used for client address assignment, and establish an association between an interface and client IP address pools.

Navigation Path

1. In Device View, select an ASA device.

2. Select Remote Access VPN > Connection Profiles from the Policy selector.

3. Click Create or Edit.

4. Select the SSL tab.

New Member

Re: Allowing RDP tunnel over SSH

First off thanks for the reply!

This connection is not through a VPN tunnel. We have an entity that connects to a system directly via SSH. Before we switched over to the ASA this entity could tunnel an RDP session over port 22 (SSH). It would appear that the ASA is looking at the packets and seeing that they are not true SSH packets and dropping them.

New Member

Re: Allowing RDP tunnel over SSH

Hi,

I have found that the Cisco implementation of SSH server version 2 on ASA/PIX platforms suffers either from a bug or intentional/unintentional design where it can't/won't allocate more than a single channel per SSH version 2 connection.

I have seen SSH tunneling work on ASA/PIX platforms running SSH version 1 however.

Hope this helps and please award points if helpful.

New Member

Re: Allowing RDP tunnel over SSH

Hard to believe - SSH encrypts payload, so ASA can't really see what is inside - only ports and that it is SSH headers.

New Member

Re: Allowing RDP tunnel over SSH

When the SSH session terminates on the ASA, its SSH daemon will see the attempt to tunnel application traffic over the SSH session and attempt to open another SSH connection.
