11-19-2015 02:58 AM
Hi All
We are setting up a new Cisco ASA 5508 VPN and are having difficulties in getting the OWA 2010 bookmark to work, when users connect to the clientless VPN. When clicking the bookmark we always get "this page cannot be displayed".
The bookmark was created using the predefined application templates.
The Exchange OWA is using https://x.x.x.x/owa
We know that we can get to the Exchange, as if we go via HTTP, not HTTPS, we land on an IIS page, but we only allow access to OWA via HTTPS.
We can access other bookmarks we have set, so this problem is specific to OWA.
Any help would be much appreciated.
Thanks
11-20-2015 07:07 PM
I wonder if this might be an issue with the protocols enabled, e.g. SSL, TLS1, TLS1.1 or TLS1.2. Check out this reference:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/asdm73/vpn/asa-vpn-asdm/vpn-asdm-ssl.html
Is the software fairly up to date on your ASA?
11-23-2015 07:06 AM
Hi
Thanks for your response. Having read the articles provided, I do not believe I am having problems with protocols. I have done a Wireshark trace on my Exchange server, and upon clicking the bookmark I can see the client and server communicate, exchange cert information and have an encrypted handshake, but then do a TCP reset, and the login page is not displayed. On the ASA debug monitor I can see a teardown TCP Reset-O.
11-23-2015 10:38 AM
So the question is why is the Exchange server sending the reset and tearing down the TCP session.
11-27-2015 08:44 AM
Thanks for your input. After many hours, I have identified what is causing the problem, but am failing to understand why this is occurring.
In IIS, if under SSL Settings I set client certificate from Accept to Ignore, the page is displayed, and I can log in.
11-27-2015 11:19 AM
Well done, that is very interesting!
The ASA has both "server" and "client" SSL settings. I think the client settings are used for when it makes SSL requests, such as this case to your OWA.
Obviously when the ASA is operating in client mode talking to your OWA server it is presenting an untrusted certificate (probably a self-signed certificate).
I've never seen anyone use certificate authentication when talking to OWA, so I think the option you have used is the best solution.
11-28-2015 12:54 AM
I have figured out this problem is not even related to OWA. I have found this as I have another IIS server: I just set up HTTPS to the default page and enabled the certificate setting to Accept, and I hit the same problem. Either I'm missing a setting somewhere on the ASA or there is a flaw somewhere which I have not yet identified.