Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
857
Views
5
Helpful
3
Replies

Link to another Group URL from the WebVPN

dbgreekas
Level 1
Level 1

‎01-24-2011 12:27 PM

I have setup a unique GroupURL that allows users to install and run AnyConnect. I would like to provide a LINK to this URL from with my other webvpn portal pages, however the ASA always rewrites the URL and I can't block URL rewrite because the GroupURL is hosted on the ASA.

I don't want to enable AnyConnect within any of the existing webvpn GroupURLs as I have specific permissions and authentication setup for it.

Labels:
0 Helpful
3 Replies 3

Nicolas Fournier
Cisco Employee
Cisco Employee

‎01-28-2011 04:39 AM

Hi,

It can be done with a little bit of tweaking.

Create an html file with a text editor and with the following content:

https://">Anyconnect Group URL

and upload it as a web content on ASDM by going to Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Web Contents.

Once this is done, edit the customization you are using for your WebVPN access and under Portal Page > Custom Panes add the HTML page you've just imported.

Once you wil see it on the portal, the links in this page shouldn't be rewritten and you should be able to get to the Anyconnect group-url if you click on the link there.

Regards,

Nicolas

0 Helpful

dbgreekas
Level 1
Level 1
In response to Nicolas Fournier

‎01-28-2011 08:02 AM

That is exactly what I originally tested and it does get rewritten..

The ASA doesn’t actually change the links in the page, however it does rewrite requests as long as a user is logged in..

I found a work around with two custom html pages stored in the /+CSCOU+/ folder which is available to users before login.

I use once custom page to load a popup. the popup calls the https://web.vpndomain.com/+webvpn+/webvpn_logout.html logout url in a new window.

The popup monitors the original window until it changes to the https://web.vpndomain.com/+CSCOE+/logon.html?reason=1 page indicating that the session to this group url has been closed. It then redirects the browser to the new group url which loads correctly and then the popup closes.

Nicolas Fournier
Cisco Employee
Cisco Employee
In response to dbgreekas

‎01-28-2011 08:14 AM

Nice catch !!!

In the test I've done, the link in the uploaded webpage was pointing to another random server and I was directly going to it when clicking on the link.

The thing I was missing is that you are redirecting the ASA to itself so it resumes rewriting your session directly instead of simply opening the group-url...

Anyway, nice workaround, I'll keep it in mind in case I see somwbody else that wants to achieve this kind of thing

Regards,

Nicolas

0 Helpful
Customers Also Viewed These Support Documents