08-08-2012 08:35 AM
I am working on a Cisco ASA WebVPN v8.4(4)1 and Anyconnect v3.0.08057 nomad solution for a customer.
I use an external application to manage the nomad user connection to the corporate (Cisco ASA) VPN gateway and I have to check a HTTPS page is joinable to ensure the gateway is available before establishing the Anyconnect VPN conenction.
To do so, I add a basic custom page to the webvpn portal using Web Contents feature stored in /+CSCOU+/check.html.
Using any standard web browser, it is great: I can access the file before any authentication and verify the content is the one awaited.
But my external application do not support gzip compression and every imported Web Content into the webvpn portal is returned with gzip compression whereas I disabled HTTP compression in DlftGrpPolicy.
I tried to import an APCF XML directive to the webvpn config but it seems not applied when accessing an imported web content before any webvpn connection established.
Is there a way to disable gzip compression for imported web content in ASA webvpn ?
Here is the HTTP stream caught by HTTP Watch:
REQUEST:
GET /+CSCOU+/cehck.html HTTP/1.1
Accept: */*
Accept-Language: fr-FR
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.OC)
Accept-Encoding: gzip, deflate
Host: xxxxxxxx.com
Connection: Keep-Alive
RESPONSE:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 37
Content-Encoding: gzip
Cache-Control: max-age=6000
Conenction: Keep-Alive
Date: Wed, 08 Aug 2012 15:04:54 GMT
<♀ b↨-8N Y"C$aSÑ3à⮬½░
08-08-2012 08:59 AM
I think this an example of proper exchange.
Requested:
Accept-Encoding: gzip, deflate
Responder:
Content-Encoding: gzip
For reference:
http://tools.ietf.org/html/rfc2616#section-14.3
In this case client requests cehck.html and actually says that gzip and deflate are acceptable, so I would not say it's not supported as such :-)
08-13-2012 03:18 AM
Yes, sorry it is correct for the Firefox test here:
Requested: Accept-Encoding: gzip, deflate
Responder: Content-Encoding: gzip
But, if I remove the gzip support from Firefox (as my custom web client does), the ASA does not serve the requested html page:
Requested:
GET /+CSCOU+/check.html HTTP/1.1
Accept: */*
Accept-Language: fr-FR
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.OC)
Host: xxxxxxxx.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: max-age=6000
Conenction: Keep-Alive
Date: Mon, 13 Aug 2012 09:40:13 GMT
Content:
Any idea ?
08-13-2012 03:57 AM
There is definately something to look into.
I've run a quick test in the lab and saw similar behavior. We've seen similar behavior but it was very long time ago.
Please open a TAC case and let them investigate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide