Cisco VPN client + RDP – all in one.

PiotrIr Member Posts: 236
Hi
I’m not quite sure if it is possible, but if so could you give me any advice on how to do this?
I have a CEO at one site who can’t use a computer. Basically, for him it is a problem to connect first using the VPN client and then use the RDP icon to his PC – it sometimes happens.
I’m looking for a solution which will be one click and do both things: one icon on the desktop which will first establish the VPN connection using the Cisco VPN client and then connect using RDP.

Obviously I’m not able to change his infrastructure so TS Gateway is not a solution.

Any idea? Many thanks.
Kind Regards

Comments

  • malcybood Member Posts: 900
    You could set up the Cisco VPN client "Start Before Login" feature, which will allow him to authenticate to the VPN before putting in his corporate Windows password.

    You could then copy the RDP shortcut into C:\documents and settings\user\start menu\startup

    This will launch the RDP session when the Windows machine boots up, and you can either set up a profile for him to save his login credentials (not recommended) or have him type the details in.

    The only way I can think of doing it at the moment.

    To set up the Start Before Login feature in the Cisco VPN client, go to Options, Windows Logon properties, check start before login.

    It's a while since I looked at a Cisco VPN client but it's in there somewhere.
  • PiotrIr Member Posts: 236
    Ok, it does make sense, many thanks.

    However, I would like to ask you what will happen if the user doesn’t log off or shut down the machine for a couple of weeks, or the internet connection goes down for a moment and the VPN link is broken.

    Will the VPN client restore the connection automatically? If not, I need another solution, so please advise.
  • networker050184 Mod Posts: 11,962 Mod
    Sounds like what you need is a user that's not too lazy to click an icon.....
    An expert is a man who has made all the mistakes which can be made.
  • malcybood Member Posts: 900
    You should look into configuring keepalives for the VPN connection. I have never done this for Cisco VPN client connections, but have for LAN-to-LAN connections.

    What is the central device the Cisco VPN client is terminating into, pix? ASA? ISR router?

    Here is some info on keepalives for Cisco VPN

    Most Common L2L and Remote Access IPSec VPN Troubleshooting Solutions - Cisco Systems
  • PiotrIr Member Posts: 236
    Many thanks for the advice, but is it possible to keep the VPN client alive? I'm going to use a Cisco PIX 515.
  • tiersten Member Posts: 4,505
    Sounds like what you need is a user that's not too lazy to click an icon.....
    Pretty much. Only problem is that it's a CEO so they'll be more stubborn about actually doing anything...
  • PiotrIr Member Posts: 236
    To be honest with you I can’t agree.

    I know a few CEOs; some are very nice, some not, but all are very hard-working people. This one just can’t understand how computers work, and for him it is kind of a problem to understand that before he can log in to his Outlook he needs to first use the VPN client connection, then RDP, and only after those operations open Outlook. Basically he can’t recognize that he is working on another desktop, but it doesn’t mean he is stupid or lazy.

    I once tried to learn to play the guitar. Now I know it is impossible for me, and even if I spent 8 hours a day I would never learn it. For me it is just too difficult....
  • networker050184 Mod Posts: 11,962 Mod
    PiotrIr wrote: »
    To be honest with you I can’t agree.

    I know a few CEOs; some are very nice, some not, but all are very hard-working people. This one just can’t understand how computers work, and for him it is kind of a problem to understand that before he can log in to his Outlook he needs to first use the VPN client connection, then RDP, and only after those operations open Outlook. Basically he can’t recognize that he is working on another desktop, but it doesn’t mean he is stupid or lazy.

    I once tried to learn to play the guitar. Now I know it is impossible for me, and even if I spent 8 hours a day I would never learn it. For me it is just too difficult....


    If knowing how to put things in order is a problem for this guy he needs to head back to kindergarten. You definitely don't have to know how computers work to use the VPN client or open an RDP session....
    An expert is a man who has made all the mistakes which can be made.
  • dynamik Banned Posts: 12,312
    Give him a new wallpaper with the steps laid out. Here, I made you an example:

    [Image: vpnrdc.gif]

    Sorry, I didn't have the full version of Outlook in that VM...
  • skrpune Member Posts: 1,409
    OMG, dynamik, you could totally make a side business out of creating "instructional" wallpapers...
    Currently Studying For: Nothing (cert-wise, anyway)
    Next Up: Security+, 291?

    Enrolled in Masters program: CS 2011 expected completion
  • PiotrIr Member Posts: 236
    Thanks guys. You are laughing but this CEO will shout at me!!!

    Basically the full history is that somebody (you can call him an idiot) NATed and opened the RDP port directly to his PC because he (the CEO) didn’t like the VPN client, so now he uses only a shortcut from his desktop to get access. I want to improve security on the network, and I can’t tell him that the current connection is not secure because the idiot was from my company. In addition, the CEO travels a lot so I’m not able to set up a VPN ptp.

    I believe now you understand my problem....
  • malcybood Member Posts: 900
    There are a lot of options for you here but we can't just give you a solution. We can give you ideas, but you need to investigate it further yourself, and if you feel it's out of your skill set then hire a consultant for a day.

    Keepalives do work with client VPN, but exactly how, you would need to do some research on the Cisco website on the client and PIX to find the best solution for your scenario.

    Another option you could look into is SSL VPN. I don't know if this is something that is possible or feasible in your environment, but it is a suggestion for you to look into.

    If the CEO travels about a lot and wants an always-on connection, you can't do this with IPSec VPN. The user needs to initiate the session at least once.

    SSL VPN where he would access the applications over a web browser on a public internet connection sounds like a good solution for you, but I'd suggest speaking to a subject matter expert on this as opposed to trying to set it up yourself unless you have experience with it.

    Also, if you do not want to change the infrastructure, then IPSec with the Start Before Login and RDP startup solution and keepalives that I suggested in my first post is probably the best solution.

    Just explain to him that as security threats have become more common, a review of his current setup is required, otherwise company data could potentially be at risk. You don't have to say "the solution that other guy set up is a security risk and I want to correct that".

    Security threats/risks evolve just like technology in general does, he must understand that.

    Good luck
  • PiotrIr Member Posts: 236
    Thanks for your help,

    I will try to force the TS Gateway option; if they accept it, it will fix all issues.
  • pwjohnston Member Posts: 441
    Sounds like what you need is a user that's not too lazy to click an icon.....

    aaaaaaahahahahaha. Isn't that most of them? Particularly upper management?