Thought this would be an interesting topic to post to see if anyone else has experienced the same issue when using Cisco VPN client. The client is set up for hairpinning out of the head office firewall so that ACL controls can be applied to users in the group.
When we start up VPN client on a windows 7 machine that terminates on an ASA, we can only get to the internet using Firefox. Chrome and MS IE will not open web pages. Our initial thought was that this was down to a simple DNS issue, but then quickly ruled this out as Firefox works seamlessly. There is some talk on various forums about doing a wind back on the versions of Chrome and IE but not sure if this is the problem.
TROUBLE SHOOTING SO FAR
All VPN outputs look normal and sh crypto ipsec sa is all good. We have played around with add ons and extensions in chrome but still can not open anything in either Chrome or IE.
Has anyone had this issue? and if so what was the cause and remedy....
We have taken Wireshark captures for all scenarios and they look normal. All domain names are getting resolved and can be seen in Wireshark. The problem still persists in that we can't open anything in Chrome or IE, but Firefox still works fine. We are going to configure an XP machine and see if we get the same issue. There have been a lot of Windows 7 updates recently and one of them may have caused this issue.
Chrome uses IE's proxy settings. If you look under Configuration> Remote Access VPN> Network (Client) Access>Group Policies>Edit the Policy you are using>Advanced>Browser Proxy. These are the settings that can be pushed down to your user.
If you click on the help for that page, it lists: "This dialog box configures attributes for Microsoft Internet Explorer." Which explains why it doesn't affect Firefox.
We have now tested this on an XP machine and Chrome, IE and of course Firefox all work fine. It would appear that this problem must therefore be a Windows 7 issue, particularly as there have been a lot of updates recently. We have another machine that will not work with Silverlight and all this has happened in the last week or so since all the updates.
rickacs001 - Do you think this might still be a config problem?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...