we configured our ASA 5510 to serve intranet contents via the clientless VPN feature.
We're trying to give our users the possibility to access our ticketing system, Atlassian Jira, and our corporate wiki, Atlassian Confluence.
With Confluence everything appears to be working fine but when editing/creating a new page the rich content editor is not usable. The editor's buttons are there but it's impossible to interact with it (the main text window is not clickable)
Jira is instead completely unusable: the login form appears to be loaded in an Iframe through some script, but the iframe source is pointing at the untranslated url.
I tried to look at the source code of the generated page and indeed there are parts of it with untranslated URLs. I'm pasting some bits of the code with my company url obfuscated:
<input type="hidden" title="baseURL" value="https://jira.<mycompany>.com:443" >
"pipeDelimitedHelp" : "(pipe-delimited)",
"editLayout" : "Choose dashboard layout",
"move" : "move",
"layoutAction" : "https:\/\/jira.<mycompany>.com\/rest\/dashboards\/1.0\/10000\/layout",
"staticResourceUrlPrefix" : "$js.escape($staticResourceUrlPrefix)",
"blankSearchText" : "Search",
"maxGadgets" : "20",
"dashboardUrl" : "https:\/\/jira.<mycompany>.com\/rest\/dashboards\/1.0\/10000",
"dashboardDirectoryResourceUrl" : "https:\/\/jira.<mycompany>.com\/rest\/config\/1.0\/directory",
"dashboardSubscribedGadgetFeedsUrl" : "https:\/\/jira.<mycompany>.com\/rest\/config\/1.0\/directory\/subscribed-gadget-feeds",
"dashboardResourceUrl" : "https:\/\/jira.<mycompany>.com\/rest\/dashboards\/1.0\/10000",
"dashboardDirectoryUrl" : "https:\/\/jira.<mycompany>.com\/rest\/dashboards\/1.0\/\/directory\/10000",
"dashboardDirectoryBaseUrl" : "https:\/\/jira.<mycompany>.com\/",
"dashboardDiagnosticsUrl" : "\/plugins\/servlet\/gadgets\/dashboard-diagnostics",
I'm using an ASA 5510 with ASA version 8.4(2).
Update: the ios has just been upgraded to version 8.4(4)1. While confluence is now working well, Jira is still having the same problems with the urls not being rewritten to the cisco url.
Hi again. I've been playing around with the content rewriter and the proxy bypass without any success.
Does anyone have a suggestion on how to tackle this?
Have you tried with smart-tunneling?
Let me know.
Please rate any helpful posts
I was looking into that feature but, as far as I understand, it requires the vpn client to be windows, right?
I would also like to support other platforms such as Linux and Mac OSX. Did I get it correctly?
Smart tunnel supports all applications not supported by the core rewriter.
•Smart tunnel supports the following Windows platforms:
–Windows 7 x86 (32-bit) and x64 (64-bit) via Internet Explorer 8.x and Firefox 3.x.
–Windows Vista x64 via Internet Explorer 7.x/8.x, or Firefox 3.x.
–Windows Vista x86 SP2 via Internet Explorer 7.x, or Firefox 3.x.
–Windows XP x64 via Internet Explorer 6.x/7.x/8.x and Firefox 3.x.
–Windows XP x86 SP2 or later via Internet Explorer 6.x/7.x, or Firefox 3.x.
•Mac OS X 10.5 running on an Intel processor only, and Mac OS X 10.6.
•Smart tunnel does not support Linux.
Hope to help.
Please rate any helpful posts
Message was edited by: Javier Portuguez
No linux. Then this is not solving my problem, unfortunately.
Thanks anyway for your help.
In that case, I would suggest AnyConnect instead.
Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.1
We're already using AnyConnect for company's laptop.
The portal is available to our users when they're in front of a public pc (internet cafè or private pc), therefore Jira and Confluence should be accessible exclusively via the webportal without any intervention on the client (no AnyConnec, no smart proxy) and it has to be cross platform.
The only solution to this issue is to make the content rewriter work as expected
Hi Nicola, I'm having the same issue with JIRA. Were you able to get the content rewriter to work?
Hi Tom, unfortunately not. I'm planning to upgrade the ASA to the latest version to see if this improves the situation. I'm not too confident.
I'll keep you posted
I upgraded to 8.4(5) and still have the same issue. Opened a support case and asked them to look at using an application helper (APCF) file to rewrite the java variables. It was like pulling teeth to get them to even mention APCF!! The main workaround for Cisco is a SmartTunnel, which works on some PCs, but I have others that are locked down so tight the Cisco SSL VPN Relay java applet won't run (seems to require admin rights on the PC). To date, I have sent them HTTPWATCH files and screenshots. Hope to have an answer soon.
Unfortunately I do not have an answer yet. The last update from the TAC engineer was Monday... said he found some interesting info in the captures I sent and was working with another engineer on it. Will let you know if they find a fix.