Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco ASA WebVPN (Remote Desktop Connection)(64-bit clients and servers)

Posted on 2009-07-04
5
5,882 Views
Last Modified: 2012-05-07
Hello

I have been trying to setup a clientless access on Cisco ASA for some TCP application access, especially for remote desktop access.

i need a WebVPN solution; clients running 64-bit and 32-bit windows OSs should access Corporate Terminal Servers via WebVPN. For 32 bit OSs it is ok and running but for 64 bit OSs i do have a problem.

1- I used RDP Plugin for ASA, WebVPN clients can access the Terminal Server inside via Java. One problem is ; When i try to rdp to Terminal Server which is Win 2008 (64-bit) i am getting a Java error = (Wrong Modulus Size ! Expected64 + 8got:264)

2- I configured smart tunnels, any 32-bit client logged on the WebVPN portal can reach the terminal server via rdp.For 64-bit OS Clients, as far as i know it is not supported. Any workaround or solution here ?

Thanks in advance.

0
Comment
Question by:Phoenixisco
5 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24777839
0
 
LVL 9

Expert Comment

by:Donboo
ID: 24780529
There is no work around for 64-bit clients to use smart tunnels. 64-bit is supported with Cisco Anyconnect.


Requirements for Smart Tunnels

To use smart tunnels, you must have the following:

"A browser with either ActiveX or Java and JavaScript.

"32-bit operating system only (you cannot use 32-bit applications on a 64-bit OS).

"Microsoft Windows XP, 2000, or Vista. For Vista, if you are starting smart tunnels from Internet Explorer protected mode, the security appliance must be in the trusted zone.

"If you need a proxy to reach the security appliance, only basic authentication is supported. Also, the remote end (the private side, not the security appliance) must be in the excluded list (or you must configure the application to reach the remote end by its normal address rather than the proxy address).



Here is the officiel ASA VPN/SSL support page.
http://www.cisco.biz/en/US/docs/security/asa/compatibility/asa-vpn-compatibility.html#wp97238
0
 

Author Comment

by:Phoenixisco
ID: 24783174
I know that i can use anyconnect for 64-bit OSs, but i am looking for a clientless solution to use with 64-bit OSs.

Smart tunnels : No
Port forwarding : No because it requires admin rights.
RDP Plugin or any other solution ?

regards.
0
 
LVL 9

Accepted Solution

by:
Donboo earned 500 total points
ID: 24787440
RDP plugin is 32-bit plugins so that would fall under no go.

I dont have any other solution besides that making users admins during activex installation (I belive its enough just during installation) and then remove their right again.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 35816030
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Trouble with VPN DENY rules on sonicwall 1 40
DMVPN Spoke Connectivity Issue 1 34
Admin Certificates in my browser 2 30
IPsec VPN - which encryption? 5 35
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question