01-18-2011 02:54 PM
Dear Members
Please see the diagram as well for easy understanding of the issue.
I am facing an issue with the SSL VPN configured on an ASA 5520. Here is the simple network topology.
The client has an ERP server on the inside segment, which is running Apache / Tomcat 5.5 and listening on port 8204. The complete URL to access the installed application is
http://192.168.2.1:8204/system/servlet/login
The ASA connects to a perimeter router, which has remote access VPN configured. Cisco VPN client users can access this URL easily when they connect through the VPN. Also, if I create a static translation for this IP 192.168.2.1, the complete URL is accessible from outside. However, the problem is happening from SSL VPN: when I enter the URL, nothing appears and the session times out. If I just enter http://192.168.2.1:8204, the Apache / Tomcat page opens. That means through SSL VPN I can reach the web server running on 192.168.2.1, but that particular URL is not accessible.
Here Apache on the ERP server is listening on a non-standard port; that could be the reason. Do I need to create port forwarding or a smart tunnel?
I already tried port forwarding, but that did not solve the issue.
Any inputs from your side will be highly appreciated.
Thanks
Ahad
01-24-2011 05:11 AM
Hi Ahad,
When you access the server (URL http://192.168.2.1:8204/system/servlet/login) from the inside, does the URL in the location bar of the browser remain the same? Or is it redirecting?
On the login page, is there a Java applet?
Now there are multiple things to try:
- Do a 'view page source' on the working login page (internal or via IPsec VPN) and again on the failing page (via WebVPN) and compare. Does this provide any hint?
- You can install software like Charles SSL Proxy (http://www.charlesproxy.com/ - note this is not a Cisco product, nor endorsed by Cisco) to see what exactly is happening over the SSL tunnel (i.e. it will show you the HTTP request from the browser to the server, and the response). Again, you may want to do this for both a working and a failing case to compare.
- As a possible solution: create an HTTP bookmark on the portal for this URL, and enable "smart tunnel" for it.
hth
Herbert
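An added example (not part of the post above and not Cisco tooling) of the page-source comparison suggested there: it diffs two saved copies of the login page and reports applet tags, meta-refresh redirects, and references in the portal copy that still point at the internal address. The two HTML samples, the `/REWRITTEN-BY-PORTAL/` prefix, and the file names under `/system/` other than the login URL are constructed placeholders; replace them with your own saved sources.

```python
import difflib
import re
from html.parser import HTMLParser

# Constructed samples: "working" = source saved from inside / IPsec VPN,
# "failing" = source saved through the clientless portal.
WORKING = """<html><body>
<form action="http://192.168.2.1:8204/system/servlet/auth">
<applet code="Login.class" archive="http://192.168.2.1:8204/system/login.jar"></applet>
</form></body></html>"""
FAILING = """<html><body>
<form action="/REWRITTEN-BY-PORTAL/system/servlet/auth">
<applet code="Login.class" archive="http://192.168.2.1:8204/system/login.jar"></applet>
</form></body></html>"""

class RefCollector(HTMLParser):
    """Collect embedded-content tags and URL-bearing attributes."""
    def __init__(self):
        super().__init__()
        self.applets, self.urls = [], []

    def handle_starttag(self, tag, attrs):
        if tag in ("applet", "object", "embed"):
            self.applets.append(tag)
        for name, value in attrs:
            if name in ("href", "src", "action", "codebase", "archive") and value:
                self.urls.append(value)

def summarize(html):
    parser = RefCollector()
    parser.feed(html)
    # Absolute URLs whose host is an IPv4 literal, e.g. the inside server.
    hardcoded = [u for u in parser.urls if re.match(r"https?://\d+\.\d+\.\d+\.\d+", u)]
    refresh = bool(re.search(r"http-equiv=[\"']?refresh", html, re.I))
    return {"applets": parser.applets, "hardcoded": hardcoded, "refresh": refresh}

def compare(working, failing):
    w, f = summarize(working), summarize(failing)
    diff = list(difflib.unified_diff(working.splitlines(), failing.splitlines(),
                                     "working", "failing", lineterm="", n=0))
    return {"applet_on_page": bool(w["applets"]),   # answers "is there a Java applet?"
            "redirects": w["refresh"],              # answers "is it redirecting?"
            "unrewritten": f["hardcoded"],          # still aimed at the inside IP
            "diff": diff}

if __name__ == "__main__":
    report = compare(WORKING, FAILING)
    for key in ("applet_on_page", "redirects", "unrewritten"):
        print(key, "=", report[key])
    print("\n".join(report["diff"]))
```

Entries under `unrewritten` are requests the browser would send straight to the inside address instead of through the portal, which is the kind of content a smart tunnel is meant to carry.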
01-24-2011 07:57 AM
When you say SSL VPN are you using the AnyConnect client or the clientless SSL VPN portal?
If it is clientless SSL VPN portal you may have to use smart tunnelling to access the website, binding the smart tunnel to the web browser application.
If you are using client based AnyConnect then this will not be required and should work in the same manner as your other Cisco VPN clients.