Hi, I'm configuring a new ASA5510 w/ SSL licensing and a coworker asked me some questions on functionality of remote access. I'm new to the ASA device and have never configured one before.
Both of these questions are assuming the user is at home and using their personal computer (not a laptop or work computer). If a user successfully creates a SSL connection, I understand it's basically like a remote desktop session to that particular user's desktop.
Q1: If the work computer is running dual LCD screens, are there any remote desktop options that will allow the home user to do the same or even to switch? Can those settings be saved as if it was a profile?
Q2: Same situation only the home user would like to print to his personal printer at home.
1) If the remote desktop application supports it so will the VPN, if I got your question correctly.
2) if you want the VPN user to keep using his local printer you can enable 'Local Lan Access' for the VPN.
1) I figured we had to use Cisco's version of remote desktop. I didn't know that we have a choice of which remote desktop app we can use.
2) Can the end user change this 'Local LAN Access' setting during the VPN session?
No you have to device this on the VPN gateway. Select'Exclude Specified' in the Group Policy and allow local LAN access. Here is an ASA example:
What do you mean by Cisco's version of RDP?
Thanks for the responses Farrukh. I'm reading the config example now.
I'm trying to visualize the step by step process the end user would go through in order to remotely connect.
With my previous employer, I've used and I'm most familiar with using the ipsec VPN Client. Now, with my new employer I'm tasked with setting up a remote access solution using SSL.
The new company uses a Sonicwall solution that works like this:
2. user authentication with AD login
3. CompanyName Virtual Office
4. there is a pre-configured bookmark (remote access) for only that particular end user's desktop (forces static ip address)
5. WinXP login prompt
6. connection completed to end user's desktop with the normal group policies applied
I've never seen/used a remote access solution like this and was wondering if Cisco's clientless SSL works the same.
This brings me to a new question on setting up a remote access solution.
anyconnect client vs. SSL
Is there a remote access decision guide?
I don't know any Cisco document, but it should be covered in this book.
But to be honest, there is no choice here. SSL will age out, forget it! Anyconnect is the one targetted for most/all of the new cool features and future developement.
Also have a look at this link:
Also your original question, most of this can be done with the Cisco SSL VPN Solution also. Specially on the ASA. The router SSL VPN solution is still not so complete.
another great reference
I've learned a great deal on remote access in the past couple of hours. Thank you for taking the time to help me understand more and point me in the right direction.
No problem at all, and let me know if you need any further assitance.
Thanks for the link :) and please rate if you find any posts helpful.