09-11-2018 05:17 AM - edited 02-21-2020 08:13 AM
Hi,
There is a web server hosted on the internet; nobody can access it from the internet except allowed IPs.
So we can access it from our prem but not from the internet.
We created an SSL VPN on the Cisco ASA and added the URL of the web server as a bookmark, but it doesn't work.
We found that the ASA sends the traffic to the internet directly, not through the proxy.
How can we make the ASA send the traffic for this URL to the proxy?
Regards
09-11-2018 06:43 AM
As per my understanding,
when the user connects to your network using VPN they are not able to access the URL, which was accessible through your local LAN but not on VPN.
If this is the case, is your LAN using proxy settings, or WCCP to send traffic to the proxy server?
Explain how your LAN accesses this URL (the flow model).
09-11-2018 07:54 AM
09-11-2018 08:53 AM
> but when the user clicks the bookmark the traffic goes directly to internet without passing the proxy.

By this you mean the VPN user? In this case you need to use the same policy to route to the proxy (for the IP range of the VPN range).
09-11-2018 11:05 AM
09-11-2018 12:46 PM
As suggested in the other post, we need more details to assist further on this problem.
09-11-2018 08:41 AM
09-11-2018 12:51 PM
@gbekmezi-DD wrote:
You have more details? What is happening when you try? Is the link showing up in the webvpn portal? What error are you experiencing?
Thanks,
George
Yes, the link is showing in the portal. The traffic goes to the internet, but as the web server does not accept traffic except from our proxy IP, the web page does not open. We need a way to make the traffic go to the proxy. I wonder if there is a method to add the proxy IP to the group policy to make this particular bookmark go to the proxy.
09-11-2018 12:55 PM
Since you are redirecting the traffic to the proxy using PBR, you need to identify the VPN user IP block and route the same to the proxy for that URL IP, so the proxy can allow your VPN users to access that URL.
If you think this is an issue with your other users and service impact,
for testing create another VPN user group with a new IP range and test it; if that works, deploy the same for all other users.
Make sense?
09-11-2018 12:58 PM
There is NO VPN user IP BECAUSE this is CLIENTLESS VPN.
09-11-2018 01:00 PM
09-11-2018 01:05 PM
09-11-2018 01:38 PM
Can you post the webvpn part of the configuration?
09-11-2018 02:02 PM
09-11-2018 09:01 PM