ASA 7.2(2) ssl vpn (full tunnel mode)

Unanswered Question
Jun 19th, 2008

Hello,

After changing the default port 443 to e.g. 442 for the WebVPN access I see the following behaviour:

- clientless access mode is working as before

- full tunnel client access mode gives the following error message:

"The SSL VPN to the remote peer was disrupted and could not automatically be re-established. A new connection requires re-authentication and must be started manually."

After changing the port nbr. back to 443, everything was working fine again. Besides changing the port number, is there anything else to consider?

Thanks for any reply,

Daniel

ASA Version 7.2(2)

!

hostname fwrexu01

domain-name xy.local

enable password x encrypted

names

!

interface Vlan1

description LAN

nameif inside

security-level 100

ip address 192.168.24.254 255.255.255.0

!

interface Vlan3

description Outside, WebServer

nameif outside

security-level 0

ip address 192.168.23.254 255.255.255.0

!

access-list outside_access_in extended permit tcp any host 192.168.24.20 eq https

access-list outside_access_in extended permit tcp any host 192.168.24.20 eq smtp

access-list outside_access_in extended permit icmp any any echo-reply

access-list inside_access_in extended permit ip any any

access-list inside_access_in extended permit icmp any any echo

access-list inside_nat_outbound extended permit ip 192.168.24.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list backup_access_in extended permit icmp any any echo-reply

pager lines 24

logging enable

mtu inside 1500

mtu backup 1500

mtu outside 1500

ip local pool WebVPN 192.168.200.10-192.168.200.100 mask 255.255.255.0

arp timeout 14400

global (backup) 1 interface

nat (inside) 1 access-list inside_nat_outbound norandomseq

access-group inside_access_in in interface inside

access-group outside_access_in in interface outside

route outside 0.0.0.0 0.0.0.0 192.168.23.1 1 track 1

group-policy WebVPN-Policy internal

group-policy WebVPN-Policy attributes

dns-server value 192.168.24.20 195.186.1.111

vpn-tunnel-protocol webvpn

webvpn

functions url-entry file-access file-entry file-browsing

url-list value Servers

customization value Rexult-WebLogin

svc enable

svc keep-installer installed

svc rekey time 30

svc rekey method ssl

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool WebVPN

authentication-server-group RADIUS LOCAL

default-group-policy WebVPN-Policy

tunnel-group DefaultWEBVPNGroup webvpn-attributes

customization Rexult-WebLogin

nbns-server 192.168.24.20 timeout 2 retry 2

no vpn-addr-assign aaa

no vpn-addr-assign dhcp

console timeout 0

management-access inside

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

!

service-policy global_policy global

ntp server 192.168.24.20 source inside

webvpn

port 442

enable outside

csd image disk0:/securedesktop-asa-3.1.1.45-k9.pkg

csd enable

svc image disk0:/sslclient-win-1.1.3.173.pkg 1

svc enable

customization Rexult-WebLogin

title text Rexult WebVPN Service

logo none

url-list Servers "Outlook WebAccess" https://192.168.24.20/exchange 4

prompt hostname context

: end

druch Sun, 07/06/2008 - 01:24

Thanks for the link. But my problem is not the clientless SSL VPN mode. The SVC is not working after changing the port. Does the SVC client need to be installed again after the port change?
