SSL VPN issues

Unanswered Question
Sep 13th, 2010
User Badges:


I'm rolling out clientless SSL VPN out to my current organsiation and I am having issues with Active X - I have setup working profiles and my issues generally lie within Cisco Secure Desktop and active X on the client machine.

I've tried about 6 different windows XP machines running both IE 7 and 8 and keep coming up with errors regarding active X.

Can anyone advise me if they are having any issues that I am also having? Or if they know a way around the problems?

Many thanks for your time.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Todd Pula Mon, 09/13/2010 - 13:54
User Badges:
  • Silver, 250 points or more

What version of ASA and CSD are you running?  What specific errors are you observing and where are you seeing them?  During initial CSD execution?  Does CSD work correctly when testing with Firefox and Java?

Thomas McLean Mon, 09/13/2010 - 14:07
User Badges:

Hi Todd,

Thanks for the fast reply. The ASA is an active/standby setup and are 5505's. The CSD is csd_3.5.1077-k9.pkg.

The problems is with the security settings. For instance when you login via the CSD enabled profile we are faced with a page stating that active X cannot be run (it flicks the screen too quickly but that's the jist of it). I have tried on several machines all running XP pro (different builds) and IE. Now I can sometimes get it to work on some machines but after numerous tests it just dies and then when logging in...on login it asks me if I want to remove CSD. Obviously I don't as I'm trying to login. I'm not sure if I would be confident rolling this concept out to users who don't have much technical expterise as they have to click several allow this content and that content. The ASA's have Verisign certs attached too.

We have purchased a further 20 licenses for users to login and I'm a little sceptical of rolling this out without ironing out these issues in the first instance.

Thanks for your time Todd and any help is very much appreciated.

Todd Pula Mon, 09/13/2010 - 14:16
User Badges:
  • Silver, 250 points or more

When the ActiveX execution fails, does CSD successfully execute using Java on your XP client?  Does your XP base image have any ActiveX restrictions enabled in IE?  Are you able to execute other ActiveX applets or do they fail as well?  Please make sure that the WebVPN FQDN is included in the trusted site list within IE.  If you want me to test access from my lab Windows XP and 7 machines, drop me an e-mail at [email protected] with the URL and test credentials.

Thomas McLean Mon, 09/13/2010 - 14:38
User Badges:


It runs the Java applet generally with no issues but as that's only a quater size of the screen it's quite limiting to say the least. There is no active X issues as they are used on both business laptops and personal machines as I am trying to negate those issues.

Thank you for your input. I will setup an account tomorrow and will email you regarding this. It's very much appreciated.




This Discussion