WebVPN Client by FQDN doesnt work

Unanswered Question
Apr 30th, 2007
User Badges:

I am setting up an ASA 5510 to test out WebVPN. We are interested in using the web access and the webVPN client(svc). I can access both the web access and the web client(svc) by opening a browser and using the IP address of the ASA and I can access the web access thru a browser using the FQDN of the ASA but when I try to access the web client(svc) using the FQDN I get the following error: The SSL VPN connection to the remote peer was disrupted and could not be automatically re-established. A new connection requires re-authentication and must be started manually.

Any help would be appreicated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
h.parsons Tue, 05/01/2007 - 04:18
User Badges:

I have some more information, after looking at a packet trace of what was going on I found out that because I was using a non-standard port for the SSL VPN access (4443) that when I went to my VPN site (MyVPN.org:4443) I would get the home page to log in. Once I entered my username and password for some reason my PC would send another DNS query for "MyVPN.org:4443" including the port number which the DNS server would reject.

jsterck Tue, 05/15/2007 - 11:43
User Badges:

I have the exact same problem. Im setting my my 871 router with SSLVPN SVC (main use for me). I was going crazy trying to figure out why if I used FQDN it would fail, if I did IP address , it worked fine.

I also am using a non standard port (4433). It seems that the SVC software is kinda junky. I dont like the million times it asks to accept a non certified cert. I even started building out a valid SSL Cert so I dont get the annoying popups (2 to get the login page, up to 4 popups once the SVC app starts) regardless of what certs I import.

Im curious to learn if there is a way around the FQDN/nonstandard SSL port issue.



h.parsons Tue, 05/15/2007 - 16:41
User Badges:

The only way I found was to go back to the standard 443.

jsterck Tue, 05/15/2007 - 16:52
User Badges:

Ill poke around and see if I can find someone who can help. I have a Tac case open and will come back and post any updates.


This Discussion