https://community.cisco.com/t5/network-security/ssl-vpn-apps-fail-to-connect-using-java-8-update-71-java-8u71/m-p/2790441#M164175 <P><SPAN class="fullname" itemprop="author">Hi&nbsp;<A href="https://supportforums.cisco.com/users/m8r-68yphu1" title="View user profile." class="username" lang="" about="/users/m8r-68yphu1" typeof="sioc:UserAccount" property="foaf:name" datatype="">m8r-68yphu1</A></SPAN><SPAN>,</SPAN></P> <P></P> <P>Based on your description, looks like the problem might be on the client or server end when the java is updated.&nbsp;</P> <P></P> <P>The port forwarding works at OSI layer 4 and the Java works on the application layer 7, then is unlikey the ASA is modifying the traffic with a new java version installed on the client side.&nbsp;</P> <P></P> <P>Placing a capture on the ASA might gave you &nbsp;a better perspective of problem.</P> <P><A href="https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios" target="_blank">https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios</A></P> <P></P> <P><A href="http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html" target="_blank">http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html</A></P> <P></P> <P>Hope it helps</P> <P>-Randy-</P> Wed, 27 Jan 2016 03:34:25 GMT rvarelac 2016-01-27T03:34:25Z https://community.cisco.com/t5/network-security/ssl-vpn-apps-fail-to-connect-using-java-8-update-71-java-8u71/m-p/2790440#M164173 <P>A remote client uses the SSL VPN apps for port forwarding through an ASA 5505 firewall.&nbsp;</P> <P>Basically no traffic was able to traverse the port forwarded IP addresses.</P> <P>Using the web browser in the VPN portal allowed access to servers web front ends.</P> <P>Only by rolling back the Java update to 8_66 were the servers accessible by the vpn applications tool</P> <P>Can you share any advice about debugging / resolving this issue?</P> <P>It is required to run latest java version on the client network.</P> <P></P> <PRE class="prettyprint">Result of the command: "show version"<BR />Cisco Adaptive Security Appliance Software Version 8.2(5)58 <BR />Device Manager Version 6.4(5)</PRE> <P></P> <PRE class="prettyprint">Result of the command: "show ssl"<BR />Accept connections using SSLv2, SSLv3 or TLSv1 and negotiate to TLSv1<BR />Start connections using TLSv1 and negotiate to TLSv1<BR />Enabled cipher order: rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1<BR />Disabled ciphers: des-sha1 rc4-md5 null-sha1<BR />SSL trust-points:<BR />outside interface: ASDM_TrustPoint0<BR />Certificate authentication is not enabled</PRE> <P>Connections to servers by ssh on the VPN resulted in this error:</P> <PRE class="prettyprint">ssh someuser@127.0.0.1:22222<BR /><SPAN>"ssh_exchange_identification: Connection closed by remote host"</SPAN></PRE> <P>Using ssh -v we saw keys were transferred and right away closed.</P> Tue, 12 Mar 2019 07:11:20 GMT https://community.cisco.com/t5/network-security/ssl-vpn-apps-fail-to-connect-using-java-8-update-71-java-8u71/m-p/2790440#M164173 m8r-68yphu1 2019-03-12T07:11:20Z https://community.cisco.com/t5/network-security/ssl-vpn-apps-fail-to-connect-using-java-8-update-71-java-8u71/m-p/2790441#M164175 <P><SPAN class="fullname" itemprop="author">Hi&nbsp;<A href="https://supportforums.cisco.com/users/m8r-68yphu1" title="View user profile." class="username" lang="" about="/users/m8r-68yphu1" typeof="sioc:UserAccount" property="foaf:name" datatype="">m8r-68yphu1</A></SPAN><SPAN>,</SPAN></P> <P></P> <P>Based on your description, looks like the problem might be on the client or server end when the java is updated.&nbsp;</P> <P></P> <P>The port forwarding works at OSI layer 4 and the Java works on the application layer 7, then is unlikey the ASA is modifying the traffic with a new java version installed on the client side.&nbsp;</P> <P></P> <P>Placing a capture on the ASA might gave you &nbsp;a better perspective of problem.</P> <P><A href="https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios" target="_blank">https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios</A></P> <P></P> <P><A href="http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html" target="_blank">http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html</A></P> <P></P> <P>Hope it helps</P> <P>-Randy-</P> Wed, 27 Jan 2016 03:34:25 GMT https://community.cisco.com/t5/network-security/ssl-vpn-apps-fail-to-connect-using-java-8-update-71-java-8u71/m-p/2790441#M164175 rvarelac 2016-01-27T03:34:25Z