cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

743
Views
0
Helpful
9
Replies
Beginner

Cisco Any Connect download landing page/web portal does not appear and gives white blank page

Hi All,

i have a question on why my cisco any connect page does not display when i tried accessing it. i have setup the SSL VPN on my Cisco firewall. i have followed all the steps on how to set it up but still my cisco any connect page does not display anything it will just give me a white page.

 

By the way i do have 2 ISPs connected to my firewall, would that also cause the problem? How to dedicate my SSL VPN into a single ISP?

 

Your advise is much appreciated.

 

Thank you so much

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advocate

Re: Cisco Any Connect download landing page/web portal does not appear and gives white blank page

Harold,

 

It looks like you might have some NAT rules that translates 443 on the outside to a server (OWA I think) on the inside. This may cause the SSL session to be terminated on the inside server rather than the ASA. Can you check your NAT rules? 

9 REPLIES 9
Highlighted
VIP Advisor

Re: Cisco Any Connect page does not appear

how do you attempt to connect to your ssl vpn?  what hostname you using?  and what does it resolve into?  

 

 

Please remember to rate useful posts, by clicking on the stars below.

Beginner

Re: Cisco Any Connect page does not appear

Hi Sir,

 

i have firewall.***itsolutions.com and it is already giving a cert. it just gives me a white blank page.

 

actually i have configured another ASA and it also have a SSL VPN through cisco anyconnect and i did not encounter any problem at all. I also tried accessing the Cisco Any Connect page via ISP IP. 

 

Thanks

Hall of Fame Master

Re: Cisco Any Connect download landing page/web portal does not appear and gives white blank page

"By the way i do have 2 ISPs connected to my firewall, would that also cause the problem? How to dedicate my SSL VPN into a single ISP?"

This may be part of your problem. ASAs don't typically handle dual ISPs well for incoming traffic since they only have a single default route outbound. The traffic comes into ASA based on address where you are hosting the VPN page. If it is all setup on the VPN configuration, the ASA will reply to the client using the interface that is appropriate for the default route (i.e. your primary ISP). So the tcp 3-way handshake will never succeed.

One can use a second ISP for failover (route tracking and IP SLA etc.) or with policy-based routing (PBR) if you want to direct traffic to some known destinations down the second ISP. However if you have remote clients at random locations on the Internet you will always use the default route to reach them from the ASA, even if they arrive via the second ISP.

Beginner

Re: Cisco Any Connect download landing page/web portal does not appear and gives white blank page

Hi Sir,

 

Thanks for this great info. So how can i select my primary ISP IP address to point to my SSL VPN configuration? Also, my public domain is also pointing to my Primary ISP IP address. 

 

How can i bind the SSL VPN to strictly stick to the Primary IP Address?

 

Thanks

More Power!

Hall of Fame Master

Re: Cisco Any Connect download landing page/web portal does not appear and gives white blank page

You're welcome.

The primary setting is to enable the interface to listen for incoming remote access VPN connections:

webvpn
 enable outside

(assuming "outside" is the nameif of your primary ISP interface - otherwise substitute the actual nameif)

In ASDM that's what happens when you check the box in the remote access VPN connection profile to enable the VPN on the interface and apply the change.

In addition to that, for a full setup, you should have a public DNS entry that maps that interface IP Address to an FQDN and a certificate installed that has that FQDN as a Common Name (CN).

Beginner

Re: Cisco Any Connect download landing page/web portal does not appear and gives white blank page

Hi Sir,

i have already did that via ASDM. But still not showing up in the web portal.

 

"OUTSIDE" is the main ISP and it has also FQDN registered with certificate.

 

1.JPG

 

Hall of Fame Master

Re: Cisco Any Connect download landing page/web portal does not appear and gives white blank page

Hmm ok. That covers the most common issues.

 

Can you share the output of "show run webvpn" and "show asp table socket | i 0.0.0.0"?

VIP Advocate

Re: Cisco Any Connect download landing page/web portal does not appear and gives white blank page

Harold,

 

It looks like you might have some NAT rules that translates 443 on the outside to a server (OWA I think) on the inside. This may cause the SSL session to be terminated on the inside server rather than the ASA. Can you check your NAT rules? 

Beginner

Re: Cisco Any Connect download landing page/web portal does not appear and gives white blank page

i have figured out the problem and it is NAT. thank you all.