Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WEBVPN and rdp and port forwarding

I have difficulty understanding certain aspects of port forwarding with ASA and webvpn. When doing port forwarding does a java client need to be 'downloaded' from the ASA or do some applications not require the java download but still need port forwarding? I am specifically referring to rdp and terminal services.

Also, is it necessary to use a webtype acl? If I use a webtype acl...which IP do I use....the which is used to gain access to the server....or is it the server's static, private IP address, or is it the public IP address?

Thanks for your help. I have a great deal of experience with ipsec site-to-site and dynamic vpn tunnels....but am having difficulty with the ssl vpns.



Cisco Employee

Re: WEBVPN and rdp and port forwarding


With regard to webvpn port-forwarding, once the user connects, there is a java window thats launched of the port forwarding part. The java window is launched locally from the PC. Its not pushed down to the PC from the ASA. Only the port forwarding information is pushed down.

webtype ACL is configured if you want the users to access only certain type of web sites or only certain networks on your internal site through the application/URL launch box.

IF you plan to use webtype ACL, you have to use the IP address that needs to be accessed by the client, not the address.

Servers private IP address can be used if you are planning on using webtype ACL.

Hope this explains.