• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6113
  • Last Modified:

Cisco ASA WebVPN (Remote Desktop Connection)(64-bit clients and servers)


I have been trying to setup a clientless access on Cisco ASA for some TCP application access, especially for remote desktop access.

i need a WebVPN solution; clients running 64-bit and 32-bit windows OSs should access Corporate Terminal Servers via WebVPN. For 32 bit OSs it is ok and running but for 64 bit OSs i do have a problem.

1- I used RDP Plugin for ASA, WebVPN clients can access the Terminal Server inside via Java. One problem is ; When i try to rdp to Terminal Server which is Win 2008 (64-bit) i am getting a Java error = (Wrong Modulus Size ! Expected64 + 8got:264)

2- I configured smart tunnels, any 32-bit client logged on the WebVPN portal can reach the terminal server via rdp.For 64-bit OS Clients, as far as i know it is not supported. Any workaround or solution here ?

Thanks in advance.

1 Solution
Istvan KalmarHead of IT Security Division Commented:
There is no work around for 64-bit clients to use smart tunnels. 64-bit is supported with Cisco Anyconnect.

Requirements for Smart Tunnels

To use smart tunnels, you must have the following:

"A browser with either ActiveX or Java and JavaScript.

"32-bit operating system only (you cannot use 32-bit applications on a 64-bit OS).

"Microsoft Windows XP, 2000, or Vista. For Vista, if you are starting smart tunnels from Internet Explorer protected mode, the security appliance must be in the trusted zone.

"If you need a proxy to reach the security appliance, only basic authentication is supported. Also, the remote end (the private side, not the security appliance) must be in the excluded list (or you must configure the application to reach the remote end by its normal address rather than the proxy address).

Here is the officiel ASA VPN/SSL support page.
PhoenixiscoAuthor Commented:
I know that i can use anyconnect for 64-bit OSs, but i am looking for a clientless solution to use with 64-bit OSs.

Smart tunnels : No
Port forwarding : No because it requires admin rights.
RDP Plugin or any other solution ?

RDP plugin is 32-bit plugins so that would fall under no go.

I dont have any other solution besides that making users admins during activex installation (I belive its enough just during installation) and then remove their right again.
Pete LongTechnical ConsultantCommented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now