Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
858
Views
0
Helpful
4
Replies

ASA Version 8.0(4)28 issues opening URL with javascript

javzone
Level 1
Level 1

‎09-14-2011 01:40 AM - edited ‎03-11-2019 02:24 PM

hi all,

we have a internal URL, that works fine when we bypass ASA and doesn't open via ASA, I have tried the steps as adviced in the following link but issue still is same.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml

Please let me know if there is a option to disable javafilter in ASA. Thanks in Advance!

cheers!

Labels:
0 Helpful
4 Replies 4

varrao
Level 10
Level 10

‎09-14-2011 01:44 AM

Could you provide the ip addresses involved along with the config???

-Varun

Thanks,
Varun Rao
0 Helpful

javzone
Level 1
Level 1
In response to varrao

‎09-14-2011 02:02 AM

Hi Varun,

Thanks for your prompt reponse. Sorry, couldn't uptdate you the config, this is a client's box.

Could you suggest me any steps to test if the ASA is blocking the javascript and if there is a way to disbale.

cheers!

javeed

0 Helpful

varrao
Level 10
Level 10
In response to javzone

‎09-14-2011 02:07 AM

Well not really sure if its a java issue only because you first need to verify whether the config is good for it or not. Are you doing u-turning on the firewall, could you just post the config relevant to the server?

-Varun

Thanks,
Varun Rao
0 Helpful

javzone
Level 1
Level 1
In response to varrao

‎09-14-2011 08:26 PM

Users access this internal URL via cisco vpn client, following is the capture while accessing the URL.

7 packets captured

   1: 10:48:18.417245 x.x.25.23.1323 > 10.31.3.25.80: S 4282388673:4282388673 win 65535

   2: 10:48:18.419823 10.31.3.25.80 > x.x.25.23.1323: S 3400908732:3400908732 ack 4282388674 win 5840

   3: 10:48:18.446677 x.x.25.23.1323 > 10.31.3.25.80: . ack 3400908733 win 32768

   4: 10:48:18.452979 x.x.25.23.1323 > 10.31.3.25.80: P 4282388674:4282389553(879) ack 3400908733 win 32768

   5: 10:48:18.455848 10.31.3.25.80 > x.x.25.23.1323: . ack 4282389553 win 7032

   6: 10:48:18.461813 x.x.25.23.1323 > 10.31.3.25.80: . 4282389553:4282390813(1260) ack 3400908733 win 32768

   7: 10:48:18.464545 x.x.25.23.1323 > 10.31.3.25.80: R 4282390813:4282390813 win 14013

no u-turning confugured, unfortunatly dont have much of the config, it just has a access-list allowed for http port to the server and route, default inspection enabled are.

tp  inspect xdmcp  

message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny 
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip 
  inspect xdmcp

cheers!

javeed

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card