04-07-2020 05:20 AM - edited 04-08-2020 02:37 AM
Hi,
I have a customer that has a few bookmarks to their Internal resources within their Clientless VPN portal. The users can access those internal resources through the Clientless VPN however, they are unable to access any dropdown menus, instead some html code appears in place of the dropdown text. Also, certain buttons on the resource webpage do not work properly i.e. when pressed either return an error or no response at all. The same resource is fully accessible over other VPNs.
There is a similar support ticket (https://community.cisco.com/t5/vpn/ssl-clientless-vpn-portal/td-p/2615390) where the following explanation is given: "ASA uses rewrite functions to hide the actual URLs and sometime some application/pages are not re-written properly, and they are not rendered correctly on the browser. Check if the ASA version is compatible with the application using (http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asa-vpn-compatibility.html#pgfId-228100)"
The ASA used in this case is a 5516 with 9.8(4)10. The compatibility check URL above shows clientless VPNs from the ASA with 9.8 to be compatible with Chrome and Firefox. JAVA 8 is also installed on the PC.
Am I missing something? Is there any solution or a fix to this? Is this a bug that is fixed in a latest ios version?
I have managed to find a weird fix where I disable code rewrite for the bookmarked resources. This makes the bookmark unlink itself from the clientless VPN when opened and opens as a separate URL rather than opening with the clientless VPN, thus requiring Cisco Anyconnect client to be logged in simultaniously providing a split-list route. However, it is not a very neat fix and defeats the whole purpose of using a Clientless VPN.
Is there any proper fix to this?
Thanks and kind regards
Solved! Go to Solution.
04-08-2020 05:11 AM
Hi,
I've had similar issues with some deployments, most probably the problem was related to browser/Java. I fixed it by using Smart Tunnels, you may also disable URL rewrite as you'll be tunnelling traffic to a specific destination now through your browser.
Yes, technically speaking Smart Tunnels came as an evolution of port forwarding, but it doesn't mean you can't use it for HTTP/HTTPS traffic as well, especially with these incompatibilities.
Regards,
Cristian Matei.
04-08-2020 03:14 AM
Hi,
I understand that those web resources are functional when access via client-based VPN< but you have issues over cleintless SSL VPN, right?
Have you tried using Smart Tunnels for these apps, or disable the URL rewrite function?
Regards,
Cristian Matei.
04-08-2020 03:57 AM - edited 04-08-2020 04:24 AM
Hi Cristian,
Yes, that is correct. The resources are fully functional when accessing via client-based VPN but have issues over clientless. i.e. resource webpage not displaying correctly.
I have tried disabling the URL rewrite function which is what I refer to in the weird fix at the end of my main post. But when the URL rewrite is disabled for the resource, opening the URL unlinks itself from the webvpn and which makes it inaccessible unless the anyconnect client is also logged in providing it with a route back to the VPN.
Smart tunnels; I thought were only an option for specific applications like citrix etc and were an alternative to port-forwarding. The internal resources are simple http pages accessed via the bookmarks in the clientless portal.
Kind regards
04-08-2020 05:11 AM
Hi,
I've had similar issues with some deployments, most probably the problem was related to browser/Java. I fixed it by using Smart Tunnels, you may also disable URL rewrite as you'll be tunnelling traffic to a specific destination now through your browser.
Yes, technically speaking Smart Tunnels came as an evolution of port forwarding, but it doesn't mean you can't use it for HTTP/HTTPS traffic as well, especially with these incompatibilities.
Regards,
Cristian Matei.
04-08-2020 06:54 AM
04-08-2020 07:25 AM
Hi,
There have been several issues/bugs with Chrome and Smart Tunnel. Look in this guide for Smart Tunnel requirements, and test till you may find a working Chrome version. I would stick to the IE, at least it works, most of the times.
Regards,
Cristian Matei.
04-08-2020 08:00 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide