
Restrict RDP access with local credentials

I have a client who is using an ASA5510 and wants to limit RDP access to a specific server by login credentials.  They don't use any AAA servers for authentication now, just local accounts created on the firewall.  Configuring the static NAT and the ACL to allow RDP to the server from the outside isn't an issue but I don't know how to make the firewall check for credentials before it allows the connection.  Is this possible?  If so, can I use local users?

2 REPLIES

Re: Restrict RDP access with local credentials

Hi,

It seems that you're looking for the ASA Firewall Session Authentication feature (cut-through proxy features on PIX).

It requires the user to authenticate before passing any traffic through the ASA.

The only issue is that you do need a AAA server.  Can't be done against the local database.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

Federico.

Re: Restrict RDP access with local credentials

Well,

It seems that you can authenticate a user directly against a virtual server (the ASA itself), via HTTP/HTTPS, telnet or FTP to be able to redirect it to any other service.

Take a look:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_fwaaa.html#wp1046750

Federico.
