
Clientless VPN Bookmark authentication.

kossuth78
Level 1

Perhaps somebody will have some insight to offer. Working on placing the WebUI of a server (FreeNAS appliance) behind the ASA and accessing it as a bookmark through a Clientless SSL VPN. This won't be a typical Internet VPN but more so an internal VPN to secure the connection to a device that just can't be that well secured. If you are familiar with these things, the concept of least privilege doesn't exist unfortunately, hence trying to get it behind some mechanism that we can bounce off Active Directory and AD groups (ASA) so we at least have some form of non-repudiation on the box.

In my lab the configuration has been pretty straightforward and I had 90% of the solution working in 10 minutes, except I ran into a snag that I haven't been able to work out. When I get to the login page on the NAS I input the credentials and it just keeps recycling back to the login page and not logging into the NAS. Any helpful tricks or suggestions? Thanks.

1 Reply

Rahul Govindan
VIP Alumni

The ASA rewrites the page when using Clientless SSLVPN, so some backend pages may not interoperate well with the ASA rewrite functionality. One workaround you can try is to enable 'Smart Tunnel' on the Bookmark. This forces traffic to that URL to be tunneled through the ASA without rewrite. An easy way to identify if you are using smart tunnel is that the actual URL of the bookmark will be shown in the browser instead of the rewritten URL (e.g. https://vpn.cisco.com/+CSCO+/jdhsjhahd......)

More info on Smart tunnels is here:

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/tunnel.pdf