cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
723
Views
0
Helpful
5
Replies

thin client ssl vpn doesn't work properly

gdspa
Level 1
Level 1

Hi everybody,

I'm try to work with WEBvpn on my ASA 5510-k8 (ASA version 7.2.1, asdm 5.2.1).

The url I'm using is this : https://out_ip_address

WEBvpn is up (i can monitoring it) with user tec110pf, IP=myipclient, policy=mypolicy,

tunnel-group=defaultWEBVPNgroup.

When I try to connect to an internal web server, I get the msg "server unavailable" and

in the ASA logging panel I get this msgs :

Group <mypolicy> User <tec110pf> IP <myipclient> WebVPN access GRANTED: http://webserver//

Teardown TCP connection 2222621 for outside:myipclient/27884 to NP Identity Ifc:out_ip_address/443 duration 0:03:17 bytes 47741 TCP Reset-O

Deny TCP (no connection) from myipclient/27884 to out_ip_address/443 flags FIN ACK on interface outside

TCP request discarded from myipclient/27884 to outside:out_ip_address/443

SSL session with client outside:myipclient/27884 terminated.

Moreover , in the Applet Application access compare 2 lines (for 2 applications of the port forwarding) but I'm not able tu use them.

thanx in adv

Lr

5 Replies 5

ggilbert
Cisco Employee
Cisco Employee

GD,

Do you have DNS server configured on the ASA in the DefaultDNS section.

If you are using ASDM, it would be under Configuration > Device Management > DNS > DNS clients and enable DNS lookup.

Hope this solves your issues.

Thanks

Gilbert

unfortunately is just configured.

with this configuration I've tried to browse network but I got this error msgs :

716004

Error Message %ASA-6-716004: Group group User user WebVPN access DENIED to specified

location: url

Explanation The WebVPN user in this group has been denied access to this url. The WebVPN user's access to various locations can be controlled using WebVPN-specific access control lists. In this case, a particular access control list entry is denying access to this url.

Recommended Action None required.

I don't understand where to crete the acl and how apply it

GD,

On the group-policy do you have any webtype-acl configured.

Can do " sh run all group-policy "

and post it.

thanks

Gilbert

In your WebVPN profile you have to allow URL access in that specific tunnel group - post your group config.

HTH>

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: