thin client ssl vpn doesn't work properly

Unanswered Question
Jul 29th, 2008
User Badges:

Hi everybody,

I'm try to work with WEBvpn on my ASA 5510-k8 (ASA version 7.2.1, asdm 5.2.1).

The url I'm using is this : https://out_ip_address

WEBvpn is up (i can monitoring it) with user tec110pf, IP=myipclient, policy=mypolicy,


When I try to connect to an internal web server, I get the msg "server unavailable" and

in the ASA logging panel I get this msgs :

Group <mypolicy> User <tec110pf> IP <myipclient> WebVPN access GRANTED: http://webserver//

Teardown TCP connection 2222621 for outside:myipclient/27884 to NP Identity Ifc:out_ip_address/443 duration 0:03:17 bytes 47741 TCP Reset-O

Deny TCP (no connection) from myipclient/27884 to out_ip_address/443 flags FIN ACK on interface outside

TCP request discarded from myipclient/27884 to outside:out_ip_address/443

SSL session with client outside:myipclient/27884 terminated.

Moreover , in the Applet Application access compare 2 lines (for 2 applications of the port forwarding) but I'm not able tu use them.

thanx in adv


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ggilbert Wed, 07/30/2008 - 07:35
User Badges:
  • Cisco Employee,


Do you have DNS server configured on the ASA in the DefaultDNS section.

If you are using ASDM, it would be under Configuration > Device Management > DNS > DNS clients and enable DNS lookup.

Hope this solves your issues.



gdspa Wed, 07/30/2008 - 23:05
User Badges:

unfortunately is just configured.

gdspa Thu, 07/31/2008 - 07:03
User Badges:

with this configuration I've tried to browse network but I got this error msgs :


Error Message %ASA-6-716004: Group group User user WebVPN access DENIED to specified

location: url

Explanation The WebVPN user in this group has been denied access to this url. The WebVPN user's access to various locations can be controlled using WebVPN-specific access control lists. In this case, a particular access control list entry is denying access to this url.

Recommended Action None required.

I don't understand where to crete the acl and how apply it

ggilbert Fri, 08/01/2008 - 08:16
User Badges:
  • Cisco Employee,


On the group-policy do you have any webtype-acl configured.

Can do " sh run all group-policy "

and post it.




This Discussion