Sunday, March 21st, 2010 at 2:33 pm
A very popular scenario for small networks is to have a Cisco ASA 5505 as the border firewall connecting the LAN to the Internet. Administrators of such networks are frequently confronted with requests from users who are not very security conscious. One such request is to allow Remote Desktop access from the Internet to an internal Windows server. This might be very helpful for users who want to work from home, but I would not recommend it. If you have to implement such a scenario, I suggest that you put the Remote Desktop server in a DMZ and not directly in the internal network. However, companies with a limited budget might have purchased a Cisco ASA 5505 with the basic license, which restricts the creation of a DMZ VLAN (although you can create 3 VLANs, the third VLAN can only communicate with one of the other two VLANs, not both). So, let’s see a typical network topology with an ASA 5505 basic license and an internal Remote Desktop server.

Again, I don’t recommend the network topology shown above. Remote Desktop machines are very prone to attacks, especially brute-force password attacks. In Windows, the Administrator account does not get locked out by default, so a brute-force attack against the Administrator password on the RDP server can succeed, especially if the password is weak. In any case, if you are “forced” to implement such a scenario, here is the configuration:
Assume that the ASA receives its IP address dynamically from the ISP (via DHCP), so the outside IP of the ASA is not fixed. Therefore, we will configure static NAT with port redirection using the outside interface. Since the outside address is dynamic, you can use a service such as DynDNS to get a fixed domain name irrespective of the IP address mapped to it. The following is a configuration snapshot for ASA versions prior to 8.3 and for ASA 8.3 and later.
ASA version prior to 8.3:
ciscoasa(config)# static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255
ciscoasa(config)# access-list OUTSIDE-IN extended permit tcp any any eq 3389
ciscoasa(config)# access-group OUTSIDE-IN in interface outside
ASA version 8.3 and later:
ciscoasa(config)# object network RDP_static
ciscoasa(config-network-object)# host 192.168.1.10
ciscoasa(config-network-object)# nat (inside,outside) static interface service tcp 3389 3389
ciscoasa(config)# access-list OUTSIDE-IN extended permit tcp any host 192.168.1.10 eq 3389
ciscoasa(config)# access-group OUTSIDE-IN in interface outside
NOTE: Notice that in version 8.3 we reference the real IP address (192.168.1.10) in the access-list and not the mapped IP. Note also that both access-lists accept connections from any source address; if your remote users connect from known address ranges, restrict the source of the permit entry to those ranges.
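As an added example (not part of the original post), here is a tighter version of the 8.3 configuration above: the RDP server is still published on the outside interface, but the access-list only accepts connections from a known remote network, the service is exposed on a non-standard outside port, and hits are logged. The 203.0.113.0/24 range and port 33890 are placeholders chosen for this example.

```cisco
! Added example, not from the original post. ASA 8.3 or later syntax.
! 203.0.113.0/24 is a placeholder for the remote users' ISP range.

! Internal RDP server, published on the outside interface address.
! "service tcp <real_port> <mapped_port>": inside 3389 appears as outside 33890.
object network RDP_static
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 3389 33890

! Only this network is allowed to reach the RDP server from the Internet.
object network REMOTE_OFFICE
 subnet 203.0.113.0 255.255.255.0

! In 8.3+ the access-list references the real IP and real port (3389, not 33890).
! "log" generates a syslog message per matching connection, useful for spotting
! repeated logon attempts against the server.
access-list OUTSIDE-IN extended permit tcp object REMOTE_OFFICE host 192.168.1.10 eq 3389 log
! Explicit deny with logging so that everything else hitting the outside interface is recorded.
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
```

Remote users then connect to the DynDNS name on port 33890; the ASA translates this to 192.168.1.10:3389.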
Monday, March 15th, 2010 at 10:10 pm
Cisco ASA supports two major WebVPN modes: Clientless WebVPN and AnyConnect WebVPN.
Let’s see the differences between the two WebVPN modes, and I’m sure you will understand why the AnyConnect mode is much better in my opinion.
Clientless WebVPN does not require any VPN client to be installed on the user’s computer. It uses a normal web browser. By pointing the browser to https://[outside address of ASA], the user authenticates with the firewall and gets access to a Web Portal. Through this Web Portal, the user can then access a limited number of internal applications. Specifically, only internal Web applications (HTTP, HTTPS), email servers (POP3, SMTP, IMAP), Windows file shares and a small number of legacy TCP applications (e.g. Telnet) can be accessed. That is, there is no full network connectivity with Clientless WebVPN.
AnyConnect WebVPN, on the other hand, provides FULL network connectivity to the remote user. The ASA firewall, working as the AnyConnect WebVPN server, assigns an IP address to the remote user and attaches the user to the network. Thus, all IP protocols and applications function across the SSL VPN tunnel without any problems. For example, a remote user, after successfully authenticating with AnyConnect VPN, can open a Remote Desktop connection and access a Windows Terminal Server inside the central network. Although a special Java-based client is required to be installed on the user’s desktop, this client can be supplied dynamically to the user from the ASA. The user can connect with a browser to the ASA firewall and download the Java client on demand. The Java client can remain installed or even be removed from the user’s desktop when disconnected from the ASA appliance. This Java client is small in size (around 3MB) and is stored on the ASA flash memory.
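To make the mechanism described above concrete, here is an added example (not from the original post) of a minimal AnyConnect configuration: the client package lives on flash and is served to browsers on demand, a local address pool supplies the IP address given to each remote user, and the decrypted VPN traffic is kept subject to the interface access-lists. It assumes ASA 8.4 or later syntax (on 8.0 to 8.3 the keywords are "svc image", "svc enable" and "vpn-tunnel-protocol svc"); the package filename, the 10.10.10.0/24 pool, the object and group names and the test user are placeholders.

```cisco
! Added example, not from the original post. ASA 8.4+ syntax; names and addresses are placeholders.

! Client package on flash, handed to the browser on demand when the user hits https://<outside address>
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-PLACEHOLDER-k9.pkg 1
 anyconnect enable
 tunnel-group-list enable

! Addresses assigned to remote users; this is what gives them full IP connectivity.
ip local pool ANYCONNECT_POOL 10.10.10.10-10.10.10.50 mask 255.255.255.0
object network ANYCONNECT_NET
 subnet 10.10.10.0 255.255.255.0

! Local test account only; in production point the tunnel-group at a RADIUS/LDAP server instead.
username vpnuser password PLACEHOLDER privilege 0

! Policy applied to AnyConnect sessions: SSL client tunnel, pool above, everything tunnelled.
group-policy ANYCONNECT_GP internal
group-policy ANYCONNECT_GP attributes
 vpn-tunnel-protocol ssl-client
 address-pools value ANYCONNECT_POOL
 split-tunnel-policy tunnelall

! Connection profile presented to the user as "Office" in the login drop-down.
tunnel-group ANYCONNECT_TG type remote-access
tunnel-group ANYCONNECT_TG general-attributes
 default-group-policy ANYCONNECT_GP
tunnel-group ANYCONNECT_TG webvpn-attributes
 group-alias Office enable

! By default the ASA bypasses interface access-lists for decrypted VPN traffic.
! Turning that off keeps remote users subject to the same rules as everyone else.
no sysopt connection permit-vpn

! Identity NAT so traffic between the LAN and the VPN pool is not translated.
nat (inside,outside) source static any any destination static ANYCONNECT_NET ANYCONNECT_NET no-proxy-arp route-lookup
```

With this in place the Remote Desktop server from the previous post stays reachable only through the VPN, so nothing needs to be published on the outside interface.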
Monday, March 15th, 2010 at 4:14 pm
If you do not maintain your operating system well, its performance will suffer over time. So, are you looking for ways to speed up Windows XP? Here is a list of things you can do to speed up Windows XP on your machine.
- Say No to Indexing: The Indexing Service is a memory hog. It can keep your machine running at full throttle all the time, making it noisy. The indexing software processes and keeps up to date the list of files on your machine. This is supposed to make your searches faster; however, if you don’t use search very frequently, you can turn indexing off.
- Choose Display Settings Carefully: While Windows XP offers a whole lot of display options that might look great, you need to choose the right ones if you want to speed up Windows XP on your system. If you are not sure which components to keep and which to discard, you can get the help of professional online Windows XP repair services such as Reimage to make sure that your system performs like brand new.
- Improve Folder Browsing Speed: Windows XP automatically searches for network printers and files every time you use Windows Explorer. Turning this feature off can significantly speed up Windows XP.
- Say No to Performance Counters: Windows XP has a utility that monitors several aspects of PC performance. Ironically, this tool reduces the performance of your system, and you should turn it off if you are looking to improve the performance of your operating system.
- Use Performance Optimization Tools: Manage the performance of your system effectively by running Disk Defragmenter and Disk Cleanup regularly. You also need to keep your antivirus and anti-spyware software up to date. Keeping your system free from malicious software goes a long way in ensuring that the operating system functions at peak performance. If you cannot do it yourself, you can make use of online repair services such as Reimage, which will scan and fix not just virus infections but also any non-optimal Windows XP components so as to speed up Windows XP on your system.
- Define a Pagefile Size: Windows XP by default uses a 1.5:1 ratio of page file to physical memory. You can reduce it to 1:1 for better performance and also to prevent Windows XP from trying to resize it frequently.
- Remove Startup Programs: Do not keep too many programs starting up automatically along with Windows. This really slows down your system and makes you wait longer each time the system boots. Also make sure to remove any programs that you no longer use from your system. Unnecessarily keeping old software is one of the prime reasons for slowdowns in many PCs that run Windows XP.
- Repair Corrupted Windows XP Files: You can repair Windows XP online using a professional online repair service such as Reimage. Corrupted and missing system files will significantly reduce the performance and speed of your Windows XP.
You can also get professional services to tweak your registry entries and disable services to further improve and speed up Windows XP performance.
