Cisco Any Connect download landing page/web portal does not appear and gives white blank page

Herald Sison
Level 3

Hi All,

I have a question on why my Cisco Any Connect page does not display when I try accessing it. I have set up the SSL VPN on my Cisco firewall. I have followed all the steps on how to set it up, but my Cisco Any Connect page still does not display anything; it just gives me a white page.

 

By the way, I do have 2 ISPs connected to my firewall; would that also cause the problem? How do I dedicate my SSL VPN to a single ISP?

 

Your advice is much appreciated.

 

Thank you so much


Dennis Mink
VIP Alumni

How do you attempt to connect to your SSL VPN? What hostname are you using? And what does it resolve to?

 

 

Please remember to rate useful posts, by clicking on the stars below.

Hi Sir,

 

I have firewall.***itsolutions.com and it is already giving a cert. It just gives me a white blank page.

 

Actually, I have configured another ASA and it also has an SSL VPN through Cisco Any Connect, and I did not encounter any problem at all. I also tried accessing the Cisco Any Connect page via the ISP IP.

 

Thanks

Marvin Rhoads
Hall of Fame

"By the way i do have 2 ISPs connected to my firewall, would that also cause the problem? How to dedicate my SSL VPN into a single ISP?"

This may be part of your problem. ASAs don't typically handle dual ISPs well for incoming traffic since they only have a single default route outbound. The traffic comes into the ASA based on the address where you are hosting the VPN page. If it is all set up on the VPN configuration, the ASA will reply to the client using the interface that is appropriate for the default route (i.e. your primary ISP). So the TCP 3-way handshake will never succeed.

One can use a second ISP for failover (route tracking and IP SLA etc.) or with policy-based routing (PBR) if you want to direct traffic to some known destinations down the second ISP. However if you have remote clients at random locations on the Internet you will always use the default route to reach them from the ASA, even if they arrive via the second ISP.

Hi Sir,

 

Thanks for this great info. So how can I select my primary ISP IP address to point to my SSL VPN configuration? Also, my public domain is also pointing to my primary ISP IP address.

 

How can I bind the SSL VPN to strictly stick to the primary IP address?

 

Thanks

More Power!

You're welcome.

The primary setting is to enable the interface to listen for incoming remote access VPN connections:

webvpn
 enable outside

(assuming "outside" is the nameif of your primary ISP interface - otherwise substitute the actual nameif)

In ASDM that's what happens when you check the box in the remote access VPN connection profile to enable the VPN on the interface and apply the change.

In addition to that, for a full setup, you should have a public DNS entry that maps that interface IP Address to an FQDN and a certificate installed that has that FQDN as a Common Name (CN).

Hi Sir,

I have already done that via ASDM. But it is still not showing up in the web portal.

 

"OUTSIDE" is the main ISP and it also has an FQDN registered with a certificate.

 


 

Hmm ok. That covers the most common issues.

 

Can you share the output of "show run webvpn" and "show asp table socket | i 0.0.0.0"?

Harold,

 

It looks like you might have some NAT rules that translate 443 on the outside to a server (OWA I think) on the inside. This may cause the SSL session to be terminated on the inside server rather than the ASA. Can you check your NAT rules?

I have figured out the problem and it is NAT. Thank you all.
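
The NAT conflict this thread ends on, as an added example that is not part of the original posts: a Python check that scans an ASA running-config for port forwards on an interface address that use the same TCP port as the webvpn listener on that interface. The sample config, object names and addresses are constructed, and only object NAT with an inline `service tcp` clause is handled (twice NAT with service objects is not parsed).

```python
import re

# Constructed sample running-config (not from the thread); names are placeholders.
SAMPLE_CONFIG = """\
object network OWA-SERVER
 host 192.168.10.20
 nat (inside,OUTSIDE) static interface service tcp https https
object network MAIL-SERVER
 host 192.168.10.25
 nat (inside,OUTSIDE) static interface service tcp smtp smtp
webvpn
 enable OUTSIDE
"""

# Object NAT with an inline service clause; the last port is the mapped one.
NAT_RE = re.compile(r"^\s+nat \((?P<real>[^,]+),(?P<mapped>[^)]+)\) static "
                    r"(?P<addr>\S+) service tcp (?P<rport>\S+) (?P<mport>\S+)")

def norm(port):
    """The ASA prints well-known ports by name; compare https and 443 as equal."""
    return "443" if port == "https" else port

def webvpn_listeners(config):
    """Return {nameif: port} for each 'enable <nameif>' in the webvpn block."""
    ifaces, port, in_webvpn = [], "443", False   # 443 is the webvpn default
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):
            in_webvpn = words == ["webvpn"]
        elif in_webvpn and len(words) == 2 and words[0] == "enable":
            ifaces.append(words[1])
        elif in_webvpn and len(words) == 2 and words[0] == "port":
            port = norm(words[1])
    return {nameif: port for nameif in ifaces}

def nat_conflicts(config):
    """(object, nameif, port) for each forward of the webvpn port on a webvpn interface."""
    listeners, found, obj = webvpn_listeners(config), [], None
    for line in config.splitlines():
        if line.startswith("object network "):
            obj = line.split()[2]
        m = NAT_RE.match(line)
        if (m and m["addr"] == "interface"
                and listeners.get(m["mapped"]) == norm(m["mport"])):
            found.append((obj, m["mapped"], norm(m["mport"])))
    return found

if __name__ == "__main__":
    print(nat_conflicts(SAMPLE_CONFIG))
```

A hit means inbound connections to that port on the interface address are translated to the inside host, so the ASA's own portal never sees them; moving either the forward or the webvpn `port` to a different value clears the overlap.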