Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Clientless VPN - ActiveX Problem - Black Bars

Hi there.

Got random customers reporting that they have got "Black Bars" on their ActiveX RDP session through Cisco Clientless SSL VPN.

Since this problem is not consistent it's pretty tricky to identify the cause of it.         

Anyone experienced this before?

I've attached a picture as an example.

Token-IE10.JPG

Everyone's tags (5)
4 REPLIES
Community Member

Clientless VPN - ActiveX Problem - Black Bars

Hi ,

Try out this

ActiveX pages require that you enable ActiveX Relay or enter activex-relay on the associated group policy. If you do so or assign a smart tunnel list to the policy, and the browser proxy exception list on the endpoint specifies a proxy, the user must add a "shutdown.webvpn.relay." entry to that list.

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_clientless_ssl.html#wp2340705

Guidelines and Limitations

This section includes the guidelines and limitations of this feature.

ActiveX pages require that you enable ActiveX Relay or enter activex-relay on the associated group policy. If you do so or assign a smart tunnel list to the policy, and the browser proxy exception list on the endpoint specifies a proxy, the user must add a "shutdown.webvpn.relay." entry to that list.

The ASA supports clientless access to Lotus iNotes 8.5.

The ASA does not support clientless access to Windows Shares (CIFS) Web Folders from Windows 7, Vista, Internet Explorer 8, Mac OS, and Linux. Windows XP SP2 requires a Microsoft hotfix to support Web Folders.

The ASA does not support the following features for clientless SSL VPN connections:

DSA certificates. The ASA does support RSA certificates.

Remote HTTPS certificates.

Requirements of some domain-based security products. Because the ASA encodes the URL, requests actually originate from the ASA, which in some cases do not satisfy the requirements of domain-based security products.

Inspection features under the Modular Policy Framework, inspecting configuration control.

Functionality the filter configuration commands provide, including the vpn-filter command.

VPN connections from hosts with IPv6 addresses. Hosts must use IPv4 addresses to establish clientless SSL VPN or AnyConnect sessions. However, beginning with ASA 8.0(2), users can use these sessions to access internal IPv6-enabled resources.

NAT, reducing the need for globally unique IP addresses.

PAT, permitting multiple outbound sessions appear to originate from a single IP address.

QoS, rate limiting using the police command and priority-queue command.

Connection limits, checking either via the static or the Modular Policy Framework set connection command.

The established command, allowing return connections from a lower security host to a higher security host if there is already an established connection from the higher level host to the lower level host.

Single sign-on application integration (such as SiteMinder) because smart tunnel effectively creates a tunnel between the client and the server, and these applications interfere with ASA working as expected.

If you have several group policies configured for the clientless portal, they are displayed in a drop-down on the logon page. If the top of the list of group policies is one that requires a certificate, then as soon as the user gets to the logon page, they must have a matching certificate. If not all your group policies use certificates, then configure the list to display a non-certificate policy first. Name your group polices to sort alphabetically, or prefix them with numbers so an AAA policy shows up first. For example, 1-AAA, 2-Certificate. Or, create a "dummy" group policy named Select-a-Group, and make sure that shows up first.

HTH

Regards
Santhosh Saravanan

HTH Regards Santhosh Saravanan
Community Member

Clientless VPN - ActiveX Problem - Black Bars

Our default policy includes this activex relay and the active policy inherits from this policy.

Regards, Søren.

Community Member

Clientless VPN - ActiveX Problem - Black Bars

Just upgraded to the newest firmware.

This is still a issue.

Seem's like a client problem to me, just can't find what's causing the problem.

Community Member

Clientless VPN - ActiveX Problem - Black Bars

Finally found a soloution for this problem!

The problem is caused by the IE Zoom setting.

When 120% Zoomed example, the user gets these black bars.

When 100% everything works just fine!

This was a pretty tricky one, but so happy i found the cause of it!

/Søren

886
Views
0
Helpful
4
Replies
CreatePlease to create content