Under Construction

Achilleas · ‎03-12-2013

I setup my Clientsless VPN on a ASA Firewall 5510 and when accessing it internally (using the firewall's internall IP address) it displays fine.

But when I entering the externall IP address from home e.g. https://232.14.14.14/ it gives you the choise to procceed or not and wjen i choose it is a secure page in order to procceed then I get the following message:

Under Construction

The site you are trying to view does not currently have a default page. It may be in the process of being upgraded and configured.

Please try this site again later. If you still experience the problem, try contacting the Web site administrator.

If you are the Web site administrator and feel you have received this message in error, please see "Enabling and Disabling Dynamic Content" in IIS Help.

To access IIS Help

Click Start, and then click Run.
In the Open text box, type inetmgr. IIS Manager appears.
From the Help menu, click Help Topics.
Click Internet Information Services.

Any ideas please???

Javier Portuguez · ‎03-12-2013

Awesome, thanks!!

Now, you have two options:

1- Remove the static translation or change it to a different port:

no static (inside,outside) tcp interface https Firewall5510_Server https netmask 255.255.255.255

2- Change the WebVPN port to something else:

webvpn

no enable outside

port 8443

enable outside

So when you connect, you go to: https://1.1.1.1:8443

HTH.

Portu.

View solution in original post

Javier Portuguez · ‎03-12-2013

Hi Achilleas,

It looks like you have a port-forwarding to an internal IIS server on port 443.

Please issue a "show run nat" on your ASA and look for any static translation pointing to 443.

You could share the output here, I'll be glad to check it out for you.

HTH.

Portu.

Please rate any helpful posts.

Achilleas · ‎03-12-2013

That's the output:

Firewall5510# show run nat

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0

Firewall5510#

any suggestions?

Javier Portuguez · ‎03-12-2013

Thanks

Please share the "show run static", I thought the ASA was running 8.3 +.

Thanks.

Portu.

Achilleas · ‎03-12-2013

Firewall5510# show run static

static (inside,outside) tcp interface 3389 Firewall5510_Server 3389 netmask 255.255.255.255

static (inside,outside) tcp interface smtp Firewall5510_Server smtp netmask 255.255.255.255

static (inside,outside) tcp interface ftp Firewall5510_Server ftp netmask 255.255.255.255

static (inside,outside) tcp interface 465 Firewall5510_Server 465 netmask 255.255.255.255

static (inside,outside) tcp interface https Firewall5510_Server https netmask 255.255.255.255

static (inside,outside) tcp interface www Firewall5510_Server www netmask 255.255.255.255

Firewall5510#

Javier Portuguez · ‎03-12-2013

Awesome, thanks!!

Now, you have two options:

1- Remove the static translation or change it to a different port:

no static (inside,outside) tcp interface https Firewall5510_Server https netmask 255.255.255.255

2- Change the WebVPN port to something else:

webvpn

no enable outside

port 8443

enable outside

So when you connect, you go to: https://1.1.1.1:8443

HTH.

Portu.

Achilleas · ‎03-13-2013

Hi Javier,

I tried option 1 and it didn't work.

But with option 2 works fine!

Thank you very much for your help, I really appreciate your help.

Many Thanks,

Achilleas.

Javier Portuguez · ‎03-13-2013

Awesome!!

Have a nice day

Clientless VPN works internally but NOT externally! Help please!

Under Construction

To access IIS Help