07-29-2008 01:24 AM
Hi everybody,
I'm try to work with WEBvpn on my ASA 5510-k8 (ASA version 7.2.1, asdm 5.2.1).
The url I'm using is this : https://out_ip_address
WEBvpn is up (i can monitoring it) with user tec110pf, IP=myipclient, policy=mypolicy,
tunnel-group=defaultWEBVPNgroup.
When I try to connect to an internal web server, I get the msg "server unavailable" and
in the ASA logging panel I get this msgs :
Group <mypolicy> User <tec110pf> IP <myipclient> WebVPN access GRANTED: http://webserver//
Teardown TCP connection 2222621 for outside:myipclient/27884 to NP Identity Ifc:out_ip_address/443 duration 0:03:17 bytes 47741 TCP Reset-O
Deny TCP (no connection) from myipclient/27884 to out_ip_address/443 flags FIN ACK on interface outside
TCP request discarded from myipclient/27884 to outside:out_ip_address/443
SSL session with client outside:myipclient/27884 terminated.
Moreover , in the Applet Application access compare 2 lines (for 2 applications of the port forwarding) but I'm not able tu use them.
thanx in adv
Lr
07-30-2008 07:35 AM
GD,
Do you have DNS server configured on the ASA in the DefaultDNS section.
If you are using ASDM, it would be under Configuration > Device Management > DNS > DNS clients and enable DNS lookup.
Hope this solves your issues.
Thanks
Gilbert
07-30-2008 11:05 PM
unfortunately is just configured.
07-31-2008 07:03 AM
with this configuration I've tried to browse network but I got this error msgs :
716004
Error Message %ASA-6-716004: Group group User user WebVPN access DENIED to specified
location: url
Explanation The WebVPN user in this group has been denied access to this url. The WebVPN user's access to various locations can be controlled using WebVPN-specific access control lists. In this case, a particular access control list entry is denying access to this url.
Recommended Action None required.
I don't understand where to crete the acl and how apply it
08-01-2008 08:16 AM
GD,
On the group-policy do you have any webtype-acl configured.
Can do " sh run all group-policy
and post it.
thanks
Gilbert
08-02-2008 09:48 AM
In your WebVPN profile you have to allow URL access in that specific tunnel group - post your group config.
HTH>
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: