Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

clientless SSL VPN port-forwarding anomaly

Hi,  we are running a CISCO ASA 5540 for clientless ssl vpn services.  We would like to run applications remotely using port-forwarding feature.  The applications only require a single tcp port to the target server for operation and the requirement is that the apps should not be reconfigured to work remotely from their configuration at work.

So I've setup a port forward thus:  local 1234 remote server remote port 1234

Now,  on the client end the the tunnel is formed ,  as shown by the application access window.  However,  the local connection shows localhost:1234

If I change the clients local host file to point (for testing),  I can run the said application remotely which verifies the the tunnel integrity & I can see packets in the application access window.

Now,  we've got 100's of clients so a manual reconfigure of the client's host file isn't an option for us.  The anomaly I mentioned is that whilst experimenting with this,  my laptop suddenly showed the local connection the same as the remote in the tunnel.  This is obviously the way we would like it to work,  & it was confirmed to work.  With the tunnel app window open, resolved to localhost and the app worked remotely,  to check, with the tunnel disconnected then resolved to its normal public ip.  That's great,  however I can't reproduce this in any of our other client's

Everyone's tags (4)
Cisco Employee

Re: clientless SSL VPN port-forwarding anomaly

It appears as though this feature doesn't work for any client whose host file hasn't been changed. if this is the case, I would suggest you open a TAC case and have an engineer look at the problem. If it is working for one client,  I doubt that it will be a configuration issue.

CreatePlease to create content