
ASA - SSL/VPN auto signon

ASA 5510 v8.0(3)

I've got our ASA SSL/VPN set up with an AAA server (using LDAP) and users can log in just fine.

The only thing we have it configured for is to use the RDP plugin. We've got a couple of bookmarks set up that send the users to internal Windows 2003 terminal servers. That works fine.

Now, I'm trying to get the auto signon feature to work properly. (We don't have SiteMinder or the SAML profile.) If I understand this right, I don't need those two third-party features to get this working. Is this correct?

All I've done is add the following commands:


enable outside

enable inside

tunnel-group-list enable

auto-signon allow ip auth-type ntlm

According to the ASA 8.0 Configuration guide, that should do it. But when I access one of our bookmarks, it connects just fine, but still prompts for the username and password. I've configured the group policy to inherit the auto signon settings (and pretty much everything else).

Can someone maybe recommend something I may be overlooking here? Do I need to configure something further on my terminal server that accepts this NTLM request?


A little more info: When I don't enable the auto signon, the RDP plugin works just fine and I can easily get the sign-on screen to my terminal server. However, when I enable anything in the auto signon, the RDP client launches, but it stays as a tiny little box in the center of the screen and it'll eventually time out and close. This tiny little box isn't expandable either. I've tried debugs, but don't see anything. No errors on the terminal server itself either.


Re: ASA - SSL/VPN auto signon

You can do the Auto Sign-on through Smart Tunnel. While the smart tunnel now allows Java applets to work for some applications, single sign-on no longer works for it. Try creating a bookmark for the application and enable the ST option. This is a Smart Tunnel limitation (auto-signon does not work with it).