Hi everyone,

I have a Cisco ASA5505 installed. config is below:

pb-gw2# sh run
: Saved
:
ASA Version 8.0(2)
!
hostname pb-gw2
domain-name pshb1.local
enable password mjgSKfuQzL4x1LLu encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.5 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 81.21.95.13 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name pshb1.local
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
nat (inside) 10 192.168.10.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 81.21.95.9 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh 192.168.10.0 255.255.255.0 inside
ssh timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
username admin password RS6hkLNrh/9fCzGC encrypted privilege 15
prompt hostname context
Cryptochecksum:b496f66403b8d94b36238fb2567b8cd2
: end
pb-gw2#

**********************************************

We are establishing a connection with Cisco VPN Client ver. 5.0.07.0290 to the external VPN Host 95.86.133.30. Connection is established successfully, then we try to open link https://x.x.x.x:7777/accr. This is the link to the system where you are authenticated with a certificate already installed i personal certificate store. Certificate is valid.

Thing is, that if we are trying to do this while behind the ASA - internet explorer displays his favourite "Internet Explorer cannot display the webpage".

If we connect the laptop directly to the internet with public ip address - everything works fine. As I undesrtand the problem is localized - something is missing from ASA configuration. The question is - what?

Will appreciate any help.

Thanks a lot in advance.