Kaseya Community

Cisco ASA / Kaseya Remote Control

  • Remote Control connection time using VNC to a workstation is MUCH longer on sites that have Cisco ASA Implemented all other sites connect much faster (within 30 Seconds) Cisco ASA Sites take approximatel 3 to 4 minutes to connect using VNC. RDP is fast at all sites with and wihtout ASA.

    Is anyone els having the same issue?

    Legacy Forum Name: Cisco ASA / Kaseya Remote Control,
    Legacy Posted By Username: richie3333
  • richie3333
    Remote Control connection time using VNC to a workstation is MUCH longer on sites that have Cisco ASA Implemented all other sites connect much faster (within 30 Seconds) Cisco ASA Sites take approximatel 3 to 4 minutes to connect using VNC. RDP is fast at all sites with and wihtout ASA.

    Is anyone els having the same issue?


    We havent seen this. Are you sure the client isnt just updating to the latest version of KVNC? If not, maybe a weird ASA config rule?

    Legacy Forum Name: MSP General Discussion,
    Legacy Posted By Username: Coldfirex
  • An ASA will block the OOB communication required to expedite the connect request. I have a post around here somewhere with the rule that needs to be added. If I can dig it up I will post it for you.

    Legacy Forum Name: MSP General Discussion,
    Legacy Posted By Username: mgolicher
  • I could not find the old message that I posted with the Cisco commands. Some requests like remote control use the TCP urgent flag. You need to create a Policy map in the ASA for your Kaseya agent port. Then associate that with a class-map that allows the urgent flag. This will get you close:

    class-map urg-class
    match port tcp eq https (replace https with your Kaseya agent port)

    tcp-map tmap
    urgent-flag allow

    policy-map pmap
    class urg-class

    Legacy Forum Name: MSP General Discussion,
    Legacy Posted By Username: mgolicher
  • Thank you. Thats perfect. We had already worked it out with Cisco. Cisco's solution was below : I guess in turn they are doing the same thing.


    tcp-map urg-flag
    urgent-flag allow

    access-list vnc-traffic extended permit ip any host x.x.x.x (enter KServer Public IP Here)

    class-map urg-class
    match access-list vnc-traffic

    policy-map global_policy
    class mss-map
    class urg-class
    set connection advanced-options urg-flag

    Legacy Forum Name: MSP General Discussion,
    Legacy Posted By Username: richie3333
  • Richie,
    I am trying this out with my clients, but when I try to add the config line of class-mss-map I get class-map mss-map not configured?

    Is that line necessary if so, what am I missing?

    Thanks in advance

    Legacy Forum Name: MSP General Discussion,
    Legacy Posted By Username: mloraditch
  • Good morning to all!

    We recently swapped out our SonicWALL firewall with a Cisco ASA. Since then it takes 15-60 seconds to get a remote control session going.  We were pointed to this article by a recent techjam given by K (Scaling Kaseya servers). However, we have tried this with our ASA and it doesn't seem to work. Now I have tried to submit a support ticket (Ticket CS115319), but support tells me they got nothing other than this legacy posting in the forum.

    Since I know Cisco devices are very widely used, I know many of you should have crossed this issue and got it fixed. Can any of you please share your fix with the rest of us?

    Thanks!

    Boudj.