ASA 5510 - SSL VPN bookmark problem

jpkage1979 · ‎03-19-2009

Hello all,

I have the ASA configured for SSL vpn and anyconnect use. Ideally, I would like to use a bookmark via the clientless portal to allow access to our internal Microsoft Dynamics CRM web server. I have the link configured but when clicking on it, the page looks as if it's going to load but then each frame says "the web page cannot be displayed". I think this may be an authentication problem. Is there a way for the portal to allow the CRM website to ask for proper credentials and then continue loading? It works once connected using the Anyconnect client.

Is this a limitation of this setup or does anyone know a way to get this application to function?

Thanks in advance,

Josh

Farrukh Haroon · ‎03-25-2009

All web applications are not compatible with the Clientless VPN server. There are a number of features available on the ASA firewall to workaround this limitation of clientless SSL VPN (WebVPN).

Smart tunnels are the most appropriate option I guess:

http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp229690

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/webvpn.html#wp1218044

Regards

Farrukh

gcrawford2005 · ‎04-03-2009

I am having the same issue, both on our 5510 & VPN 3005 Concentrator. The only way I have found around this was to use port forwarding on the 3005, so they type in 127.0.0.1:5555 and can browse to CRM. Silly way to do it, but I am waiting to hear a better way.

Farrukh Haroon · ‎04-03-2009

The VPNC does not support smart tunnels, it does support port forwarding AFAIR.

The smart tunnel feature is the recommended option as compared to Port Forwarding. However it needs 8.x code on your 5510 box.

Regards

Farrukh