Using SSL Clientless VPN to access a website across a site to site VPN

Unanswered Question
Jul 26th, 2010
User Badges:

I have a client that has a 3rd party vendor needing access to a website that the client accesses over a site to site VPN.  Right now, the 3rd party vendor is using the Anyconnect client on some of their users computers.  However, some of the 3rd party vendors's users have laptops and the Anyconnect client conflicts with another piece of software on these laptops.

I have been trying (unsuccessfully) to get this website to work through the clientless ssl VPN webpage.  I have tried with and without smart-tunneling and have added the IP address of the outside interface to be natted to an IP address that is allowed to go over the site to site VPN.  I see the connection trying to be made, but it always fails.

This is what the connection would look like (I think):

remote user -> clientless ssl vpn page -> ASA -> site to site VPN (between client ASA and site where website is)

So, the remote user connects and logs into the clientless SSL vpn page and then I have a bookmark configured for them to click on and connect to the website.  Like I mentioned earlier, it doesn't matter if I use smart-tunneling or not, I can't get it to work.

I am not even sure if this is possible or I may just be missing something.

TIA for your help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Rahul Govindan Tue, 07/27/2010 - 05:52
User Badges:
  • Silver, 250 points or more

So is the request to the web server going through the site to site tunnel? Could you try adding the outside ip address of the ASA in the interesting traffic for the site to site tunnel and see if request is going through site to site tunnel? What is the nat that you have configured.?


This Discussion