Cisco ASA 5505 Configuration Manual page 1540

Configuring Browser Access to Client-Server Plug-ins
RDP Plug-in ActiveX Debug Quick Reference
To set up and use an RDP plug-in, you must add a new environment variable. For the process of adding
a new environment variable, use the following steps:
Right click on My Computer to access the System Properties and choose the Advanced tab.
Step 1
On the Advanced tab, choose the environment variables button.
Step 2
In the new user variable dialog box, enter the RF_DEBUG variable.
Step 3
Verify the new Environment Variable in the user variables section.
Step 4
If you used the client computer with versions of WebVPN before version 8.3, you must remove the old
Step 5
Cisco Portforwarder Control. Go to the C:/WINDOWS/Downloaded Program Files directory, right click
on the portforwarder control, and choose Remove.
Clear all of the Internet Explorer browser cache.
Step 6
Launch your WebVPN session and establish an RDP session with the RDP ActiveX Plug-in.
Step 7
You can now observe events in the Windows Application Event viewer.
Plug-in Requirements and Restrictions
Clientless SSL VPN must be enabled on the adaptive security appliance to provide remote access to the
plug-ins.
The plug-ins do not work if the security appliance configures the clientless session to use a proxy server.
Note
The plug-ins support single sign-on (SSO). They use the same credentials entered to open the clientless
SSL VPN session. Because the plug-ins do not support macro substitution, you do not have the options
to perform SSO on different fields such as the internal domain password or on an attribute on a Radius
or LDAP server.
To configure SSO support for a plug-in, you install the plug-in, add a bookmark entry to display a link
to the server, and specify SSO support when adding the bookmark.
The minimum access rights required for remote use belong to the guest privilege mode.
A stateful failover does not retain sessions established using plug-ins. Users must reconnect following a
failover.
Plug-ins require ActiveX or Sun JRE 5, Update 1.4 or later (JRE 6 or later recommended) to be enabled
on the browser. An ActiveX version of the RDP plug-in is unavailable for 64-bit browsers.
Preparing the Security Appliance for a Plug-in
Before installing a plug-in, prepare the adaptive security appliance by performing the following steps:
Cisco ASA 5500 Series Configuration Guide using ASDM
67-76
The remote desktop protocol plug-in does not support load balancing with a session broker.
Because of the way the protocol handles the redirect from the session broker, the connection
fails. If a session broker is not used, the plug-in works.
Chapter 67 Clientless SSL VPN
OL-20339-01