Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WebVPN problem to Webserver on the Inside

I have the following set up:

User(WebVPN)---VPN Conc.---PIX---Webserver

WebVPN SSL login page is displayed by Concentrator. I log in fine after being authenticated by external RADIUS server located on LAN.

Then I get the WebVPN splash page with preconfigured servers/urls. I click on the link for the internal Webserver. Now im presented the login page for the Open Exchange server. I login, again authenticated by same external RADIUS server - and get a "page cannot be displayed". Looking at the URL displayed I wouldnt expect it to work since the endpoint url link is not encapsulated within the SSL url previously used. Below are the urls when going through the above process:

(1) OX5 Web Page URL

https://www.xyzcompany.com/webvpn/index.html

("xyzcompany.com" resolves to outside ip adress of Concentrator which is setup to accept incoming SSL VPN connections)

(2) Actual OX5 (Open Exchange) web page authentication

https://www.xyzcompany.com/http/0/ukox5.sitelocation.uk.companyname/cgi-bin/login.pl

(so you can see the webserver url link is encapsulated within the initial SSL session to Conc. outside address)

(3) Logging onto OX5 webserver, session ID is created and redirected.

https://www.xyzcompany.com/servlet/intranet?SITE=beforeAuth&sessionID=febb11a92128d898bbbf201cf5addc87

(you can see that the "/http/0/ukox5.sitelocation.uk.companyname/cgi-bin/login.pl" has been dropped from the url)

Blank screen is displayed. Authentication is successfull. OX5 Web server shows Active sessions from Concentrator inside IP address.

PIX also indicates an SSL VPN session is active to the webserver.

Any ideas what the problem could be?

NB. When I try accessing OX5 webserver from an internal IP address (i.e. I use Cisco VPN Client to get on the LAN), then access "ukox5.sitelocation.uk.companyname/" - it works fine. Could be because the webserver is expecting this source url, and for SSL is not expecting the url to be preceeded by "https://www.xyzcompany.com".

Any thoughts would be welcomed.

Thanks

127
Views
0
Helpful
0
Replies
CreatePlease login to create content