Forum Discussion
APM App Tunnel Remote Desktop Setup
I'm trying to get our old Firepass solution working on our LTM right now. Client logs in via two factor auth and is presented with a full webtop. The RDP access is set up as an App Tunnel. The client clicks on the RDP object and it launches the mstsc.exe file without any issues. I'm running into an issue where the resource item applied to the Remote_Desktop App Tunnel only seems to be allowing a Host Name or IP Address. I would like my clients to be able to RDP to an entire subnet of addresses (10.10.0.0/16). Anyone know if this is possible when setting up an App Tunnel?
9 Replies
- kunjan
Nimbostratus
If you leave the parameters field empty, you should be able to connect to the RDP server as required. Then apply an ACL to restrict the target servers.
- theXfactor82_91
Nimbostratus
The Parameter field is empty. It is the Destination (Host Name or IP Address) that seems to be required. Can I put a subnet in this field? I've tried entering 10.10.0.0/24 but then it just blanks it out and doesn't work.
- kunjan
Nimbostratus
You can specify a dummy IP there. It uses the Host and port information if you configure it in the parameters list, e.g.:
/v:%HOST%:%PORT%
If not, mstsc will be launched and you can specify the target IP address.
- theXfactor82_91
Nimbostratus
I believe what you suggested in the first post is what I'm looking for. I want to launch mstsc.exe and give the client the option of connecting to any PC on the network via RDP.
I do not have an ACL applied to the APM so I don't know why it's not working.
If I understand you correctly I should just have to...
- Put a dummy IP into the destination field
- Leave the Parameters field empty
- Apply ACL to APM policy to restrict access to subnet (10.10.0.0/24)
Does this sound correct? The dummy IP in the destination field is confusing to me, as when I put my laptop destination IP in this field I am successful at connecting to it remotely. I just want to be able to connect to all the laptops and not just mine.
- kunjan
Nimbostratus
Yes, correct. You can change the target once launched, not just the IP configured.
- theXfactor82_91
Nimbostratus
I've tried what you suggested and it won't work. The mstsc.exe launches and I specify the remote host IP (10.10.0.10 or 10.10.0.11) but it will not connect. The only way it works is if I have the IP address of the remote host entered in the Destination field within the App Tunnel Resource as shown below.
- Stanislas_Piro2
Cumulonimbus
Hi,
If you want to allow users to choose the RDP target name, they can enter rdp://servername in the URL box on top of resources.
- kunjan
Nimbostratus
Can you try to add a user-defined ACL with 10.10.0.0/24?
- theXfactor82_91
Nimbostratus
I tried adding the ACL and it didn't help. I think what I need is a session variable that I can put in the Destination IP Address field instead of a single destination IP address. Are you aware if a session variable like this exists? I've seen one for the host field but I am working with IPs only and not hostnames.