clientless SSL VPN port-forwarding anomaly

Nov 17th, 2010

Hi, we are running a Cisco ASA 5540 for clientless SSL VPN services. We would like to run applications remotely using the port-forwarding feature. The applications only require a single TCP port to the target server for operation and the requirement is that the apps should not be reconfigured to work remotely from their configuration at work.

So I've set up a port forward thus: local 1234 remote server remote port 1234

Now, on the client end the tunnel is formed, as shown by the application access window. However, the local connection shows localhost:1234.

If I change the client's local host file to point (for testing), I can run the said application remotely, which verifies the tunnel integrity, and I can see packets in the application access window.

Now, we've got 100s of clients so a manual reconfigure of the client's host file isn't an option for us. The anomaly I mentioned is that whilst experimenting with this, my laptop suddenly showed the local connection the same as the remote in the tunnel. This is obviously the way we would like it to work, and it was confirmed to work. With the tunnel app window open, resolved to localhost and the app worked remotely; to check, with the tunnel disconnected then resolved to its normal public IP. That's great, however I can't reproduce this in any of our other clients.

Atri Basu (Cisco Employee) Mon, 11/22/2010 - 09:30

It appears as though this feature doesn't work for any client whose host file hasn't been changed. If this is the case, I would suggest you open a TAC case and have an engineer look at the problem. If it is working for one client, I doubt that it will be a configuration issue.

