We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Cisco ASA WebVPN (Remote Desktop Connection)(64-bit clients and servers)

Medium Priority
6,334 Views
Last Modified: 2012-05-07
Hello

I have been trying to setup a clientless access on Cisco ASA for some TCP application access, especially for remote desktop access.

i need a WebVPN solution; clients running 64-bit and 32-bit windows OSs should access Corporate Terminal Servers via WebVPN. For 32 bit OSs it is ok and running but for 64 bit OSs i do have a problem.

1- I used RDP Plugin for ASA, WebVPN clients can access the Terminal Server inside via Java. One problem is ; When i try to rdp to Terminal Server which is Win 2008 (64-bit) i am getting a Java error = (Wrong Modulus Size ! Expected64 + 8got:264)

2- I configured smart tunnels, any 32-bit client logged on the WebVPN portal can reach the terminal server via rdp.For 64-bit OS Clients, as far as i know it is not supported. Any workaround or solution here ?

Thanks in advance.

Comment
Watch Question

Istvan KalmarHead of IT Security Division
CERTIFIED EXPERT
Top Expert 2010

Commented:

Commented:
There is no work around for 64-bit clients to use smart tunnels. 64-bit is supported with Cisco Anyconnect.


Requirements for Smart Tunnels

To use smart tunnels, you must have the following:

"A browser with either ActiveX or Java and JavaScript.

"32-bit operating system only (you cannot use 32-bit applications on a 64-bit OS).

"Microsoft Windows XP, 2000, or Vista. For Vista, if you are starting smart tunnels from Internet Explorer protected mode, the security appliance must be in the trusted zone.

"If you need a proxy to reach the security appliance, only basic authentication is supported. Also, the remote end (the private side, not the security appliance) must be in the excluded list (or you must configure the application to reach the remote end by its normal address rather than the proxy address).



Here is the officiel ASA VPN/SSL support page.
http://www.cisco.biz/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html#wp97238

Author

Commented:
I know that i can use anyconnect for 64-bit OSs, but i am looking for a clientless solution to use with 64-bit OSs.

Smart tunnels : No
Port forwarding : No because it requires admin rights.
RDP Plugin or any other solution ?

regards.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Pete LongTechnical Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.