We are currently reviewing various ways to provide virtual desktops for home users.
One of the things we are testing is using the ASA webvpn option with the RDP plugin to connect to a remote desktop.
One issue with this, however, is the method of connecting the user to the remote desktop. For instance, with the ASA I have two options. Let someone manually enter an address in the connection box once they log in to webvpn. They select RDP and put in the virtual desktop address.
This obviously isn't very good, user error and inconvenience.
Second option is manually creating a bookmark, however this doesn't seem to be practical. I don't think I can create one on a per user basis but I might be wrong. And on a group basis this wouldn't work as each individual needs to connect to their individual virtual desktop.
I understand that's where "Brokers" come in. Brokers apparently act as a medium way for automating the process of connecting a user to a specific virtual desktop.
Wondering what others are using and doing with regards to virtual desktops through ASA. Any particular brokers recommended by Cisco or partners with Cisco in this matter?
Maybe "Macro Substitution" would be a way to go for you. If the needed URL could be composed of the user id you could use "CSCO_WEBVPN_USERNAME" within the URL and all the users could use the same group bookmark list. So if the user "jack" would need to access "rdp://jack.domain.local" just configure the bookmark "rdp://CSCO_WEBVPN_USERNAME.domain.local".
But I guess that you need to use a different parameter. Therefore you could use "CSCO_WEBVPN_MACRO1" and/or "CSCO_WEBVPN_MACRO2". The values for those parameters can be assigned through RADIUS or LDAP during login. So if you would like to assign "jack" the server "server01", then the bookmark should be "rdp://CSCO_WEBVPN_MACRO1.domain.local" and the value "server01" should be assigned through RADIUS setting the parameter "[026/3076/223] WebVPN-Macro-Value1" to "server01".
And last but not least you could even do Single Sign On by extending the URL with "?csco_sso=1".
Yes. That's how it works. Every instance of CSCO_WEBVPN_USERNAME will be replaced within the URL. So you could even use rdp://serverCSCO_WEBVPN_USERNAME.myCSCO_WEBVPN_USERNAMEdomain.company.local/?username=CSCO_WEBVPN_USERNAME&domain=myCSCO_WEBVPN_USERNAMEdomain&csco_sso=1 which would result in rdp://serverJDOE.myJDOEdomain.company.local/?username=JDOE&domain=myJDOEdomain&csco_sso=1 for the user id "JDOE".
But just a small hint for testing: The macros only work with bookmarks. When you paste the URL manually into the address field the macro keywords won't be replaced. :-)
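
A pre-flight check for the macro bookmarks discussed in this thread, as an added example that is not part of the original posts and is not Cisco code. It models the substitution as a single-pass replacement of every keyword occurrence (an assumption about the ASA's behaviour) and flags users whose expanded bookmark would have an unassigned macro or a host that is invalid or outside the expected domain; the function names and the `allowed_suffix` parameter are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Macro keywords named in the thread.
MACRO_RE = re.compile(r"CSCO_WEBVPN_(?:USERNAME|MACRO1|MACRO2)")
# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def expand_bookmark(template, values):
    """Replace every macro occurrence in one pass; return (url, missing)."""
    missing = set()

    def sub(match):
        key = match.group(0)
        if not values.get(key):
            missing.add(key)
            return key  # leave the keyword visible in the result
        return values[key]

    return MACRO_RE.sub(sub, template), sorted(missing)


def check_bookmark(template, values, allowed_suffix):
    """Return a list of problems; an empty list means the bookmark is usable."""
    problems = []
    url, missing = expand_bookmark(template, values)
    for key in missing:
        problems.append(f"{key} has no value for this user")
    host = urlsplit(url).hostname or ""
    if not host.endswith("." + allowed_suffix.lower()):
        problems.append(f"host {host!r} is outside {allowed_suffix}")
    for label in host.split("."):
        if not LABEL_RE.match(label):
            problems.append(f"invalid host label {label!r}")
    return problems
```

Running `check_bookmark` over each user's directory attributes before publishing a group bookmark catches a missing `WebVPN-Macro-Value1` or a value that does not form a valid host name.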