cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2442
Views
0
Helpful
11
Replies

issue opening website with webvpn

Patrick de Geus
Level 1
Level 1

I have clientless webvpn configured on my ASA5505.

Most website can be opend when using Webvpn.

But when i open a website, like youtube/google, i get the message "Connection failed     Server   - youtube.com -    unavailable."

When i open the website on ip address there is no issue.

I found out that website with ipv6 and ipv4 addresses are unavailable and website with only ipv4 addresses are available.

My ASA doesn't have an ipv6 address.

Does someone know how to make this work?

1 Accepted Solution

Accepted Solutions

Michael Muenz
Level 5
Level 5

I looked over your config and saw IPv6 config on Vlan1. Can you please disable it? It's useless when you don't use v6 on your outside IF and causes DNS troubles, because v6 replies are preferred.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

View solution in original post

11 Replies 11

Michael Muenz
Level 5
Level 5

Which ASA version do you run? Can't reproduce with 9.0.2

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

I'm running ASA version 8.4(4)1

I tried the following versions:

8.4.5

8.4.6

9.0.2

With all the versions i still have the issue.

I've attached the config of my ASA.

 dns-server value 192.168.121.2

Does this nameserver resolves names for youtube and other problematic sites? What if you change it to something like 2.2.2.2 just for experiment?

192.168.121.2 is my internal dns(on ddwrt).

When i'm at home i don't have issues on my laptop/tablet/etc.

Also opendns servers are used on my internal dns.

I tried using opendns servers directly on my asa, still the same issue.

using dns server 2.2.2.2 gives the same error.

Michael Muenz
Level 5
Level 5

I looked over your config and saw IPv6 config on Vlan1. Can you please disable it? It's useless when you don't use v6 on your outside IF and causes DNS troubles, because v6 replies are preferred.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

I disabled IPv6, but still the same message.

Do you reloaded the machine after disabling v6?

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

No i didn't. I'll reload the ASA, test it again and reply the outcome of the test.

I reloaded and still didn't work.

I notcied that in de routing table still ipv6 address where there.

Autoconfig of ipv6 was still enabled on the inside interface.

Disabled autoconfig of ipv6 and now it works!

Thanks!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: