cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3002
Views
0
Helpful
0
Replies

Cisco Smart Tunnel SSL VPN Relay applet does NOT start in IE with ActiveX

James Edwards
Level 1
Level 1

I have configured a Smart Tunnel on my ASA 5520 for the Windows application of RealVNC Viewer (vncviewer.exe).  In examining the process tree, it appeared that the vncviewer.exe had a parent process of explorer.exe which was also added to the Smart Tunnel.

After logging into the Clientless VPN and proceeding to the Application Access tab, there you have the option to "Start" the Smart Tunnel.  At the point of starting the Smart Tunnel, an ActiveX applet (Cisco SSL VPN Relay) is supposed to start.  I have seen this start the first time I tried this, but at that time, I was using the Google Chrome browser.  I saw an "Install" button come up, and I installed the applet.  However, I should NOT have been using Chrome.  I should have been using IE.  When I now try IE, the ActiveX control to install the relay applet does not pop up.  It is as if the applet has been certified the first time and does not need to run again.

I am unable to connect to the VNC session with RealVNC Viewer through the Smart Tunnel and the browser does NOT show any packet traffic through the Smart Tunnel.  A Cisco TAC engineer was able to successfully connect through the RealVNC Viewer on his 32-bit Windows PC.  He also tested it on another Cisco TAC engineer's 32-bit PC, and he was able to connect through to the VNC server through the Smart Tunnel.

I similarly tested this from two additional 64-bit Windows PCs from my home.  These PCs had never attempted to connect to this VPN.  When I tried to start the Smart Tunnel, the SSL VPN Relay ActiveX did pop up.  I installed the applet, but was still unable to connect through the Smart Tunnel to the VNC server.

Lastly, I tested with another Cisco TAC engineer, who was able to log into the clientless VPN and able to start the Smart Tunnel, but did not receive the ActiveX install prompt.  The Smart Tunnel was running, but the SSL VPN Relay applet is presumed to not be running.

This behavior is extremely inconsistent.  There seems to be no certain way to make sure that the Cisco SSL VPN Relay applet is running.  We are pretty confident the relay applet is not running and forwarding the Winsock2 requests from the Windows application to the Smart Tunnel.

Has anyone else experienced this behavior or have a solid solution to make this work?

Regards, Marc

0 Replies 0