
Dynamic RDP shortcuts for SSL VPN

I could swear I read somewhere that there was a way to configure the Cisco ACS server (or a RADIUS/LDAP AAA Server) to pass a rdp:// type shortcut to the user's bookmarks when he/she logs into a SSL VPN portal and uses the AAA server to authenticate.  So for an example:

Sally is in accounting and so is Bill.  Both have SSL VPN access.  When Sally logs in to the VPN portal, a shortcut to create a Terminal Server connection to her specific workstation is there in her bookmarks.  Same for Bill but Bill has a unique shortcut for his workstation.

Am I dreaming or was there a way to do this?

Thanks.

If this post answers your question or is helpful, please consider rating it and/or marking as answered.

Paul Carco
Level 1

You could do this with an LDAP Attribute map.  Create a separate URL-List (bookmarks) for the users and then use a field in AD to map to the Url List.

http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/ref_extserver.html#wpxref12294

Thanks for the reply! This is something that I had considered -- but it would mean a separate bookmark for each user, no?  If you have several hundred users... this could be tedious, not to mention a nightmare to police.  I'm actually looking for a way to do this in a more dynamic fashion.

If this post answers your question or is helpful, please consider rating it and/or marking as answered.

Yes that would certainly become unmanageable.  Maybe you were thinking of Macro Substitutions - which may work.

5 | CSCO_WEBVPN_MACRO1 | Set via RADIUS/LDAP vendor-specific attribute
6 | CSCO_WEBVPN_MACRO2 | Set via RADIUS/LDAP vendor-specific attribute

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/vpn_web.html#wp1160691

Certainly worth a second look, but at first glance I don't see how that would work since the substitution would have to be either a hostname or an IP address.  I guess if the hostname was based off their username it might work, but that's not the case here.

Is there a way to pass a url list via Radius attributes?  Those would be dynamic .. no?

If this post answers your question or is helpful, please consider rating it and/or marking as answered.