Solved: SSL Clientless VPN Portal

#TCN · ‎01-28-2015

HI All,

I have a customer that has a bookmark to their Intranet within their clientless VPN portal

The remote users can access their internal intranet however they can’t access any drop down menus that should appear when they hover or click on the drop down links …. Unsure if this is an ASA or client / java issue ..... All works good when using the localy installed VPN client direct from PC > Website issue is on the clientless portal.

ASA 5510
ASA Version – 8.2(5)

Cheers
James

Abaji Rawool · ‎01-30-2015

Hi James,

when you access the application webpage directly or through anyconnect it is direct interaction between your browser and application server but when you access it using clienteles portal of ASA it is connection proxied by ASA. ASA uses rewrite functions to hide the actual urls and sometime some application / pages are not re-written properly and they are not rendered correctly on the browser. check if the ASA version is compatible with the application.

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asa-vpn-compatibility.html#pgfId-228100

You can use httpwatch tool to compare the HTTP requests and responses when accessing the application directly vs accessing it over clientless VPN and then open a TAC case to address the rewrite issues.

Regards,

Abaji.

View solution in original post

Mohsin Burki · ‎01-29-2015

Hi James,

Are both VPN client and clientless using the same firewall?

BR

#TCN · ‎01-30-2015

Hi

Thanks for your reply :-)

Yip both VPN's go via the same ASA firewall.

Technically using the same browser too (Firefox or IE 10) Java version 7 update 55 – only difference is just going through the vpn portal to access the bookmarked intranet verses logging on via AnyConnect client then accessing the intranet direct from local laptop (which works fine)

Looking at some tests it would appear that my browser and Java is fine on my laptop – as I can access everything as it should direct from laptop to website – no issues

I have added everything I can think of to the trusted sites / compatibility settings etc – so I am unsure if this an ASA issue or Intranet issue – possibly some compatibility issues between the portal browser and website

The customer would like to use the clientless portal on the ASA similar to Citrix to access their intranet rather than roll out the VPN client and access the intranet direct.

Regards,

James

Abaji Rawool · ‎01-30-2015

Hi James,

when you access the application webpage directly or through anyconnect it is direct interaction between your browser and application server but when you access it using clienteles portal of ASA it is connection proxied by ASA. ASA uses rewrite functions to hide the actual urls and sometime some application / pages are not re-written properly and they are not rendered correctly on the browser. check if the ASA version is compatible with the application.

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asa-vpn-compatibility.html#pgfId-228100

You can use httpwatch tool to compare the HTTP requests and responses when accessing the application directly vs accessing it over clientless VPN and then open a TAC case to address the rewrite issues.

Regards,

Abaji.

#TCN · ‎01-30-2015

Thanks for your reply Abaji

I will check this out and post my response soon

Regards,

James

#TCN · ‎01-30-2015

Appears to be a compatibility issue and customer is looking at the ASA upgrade.

Thanks for you help

Regards,

James