10-28-2012 06:54 PM
I'm trying to look at a webvpn capture on the ASA. I start the capture:
capture test type user webvpn <user> (entering a valid user name)
Then I connect to the ASA to try to see the trace with "Using a Browser to Display Capture Data" as described in the configuration guide.
https://<asa-address>/admin/capture/test/pcap
After login I get this message in the browser:
"Error: Access-method is not supported for WebVPN captures"
If I stop the capture (no capture test) before trying to connect, the error in the browser is:
"404 Not Found
The requested URL /admin/capture/test/pcap was not found on this server. "
Any ideas greatly appreciated. Thanks!
10-28-2012 07:14 PM
Hi,
Please check this out:
Using a Browser to Display Capture Data
Perform the following steps to capture data about a clientless SSL VPN session and view it in a browser.
Detailed Steps
Step | Command | Purpose |
---|---|---|
Step 1 | capture capture_name type webvpn user webvpn_username | Starts the capture utility for clientless SSL VPN. • capture_name is a name you assign to the capture, which is also prepended to the name of the capture files. • webvpn_user is the username to match for capture. |
Step 2 | (Optional) no capture capture_name | Stops the capture utility from capturing packets after a user has logged in and begun a clientless SSL VPN session. |
Step 3 | Open a browser and enter the following: https://asdm_enabled_interface_of_the_security_appliance:port/admin/capture/capture_name/pcap Example: | Displays the capture named hr in a sniffer format. |
Step 4 | Repeat Step 2. | |
Are you following these steps?
Thanks in advance.
Portu.
Please rate any helpful posts
10-28-2012 07:39 PM
Thanks Portu.
Yes, I am following the steps. As I mentioned in my original post, if I issue the "no capture" as described in Step 2 (which is "optional?" in the documentation), I get a 404 in the browser. So when I proceed to Step 3 without stopping the capture, I get the error as described.
10-28-2012 07:44 PM
If you try the steps, one by one, including the optional step, does it work for you?
Thanks.
10-28-2012 07:57 PM
???
I follow step 1. The capture is started.
webvpn user connects and uses their session.
I try step 2, then proceed to step 3. The capture stops. The browser returns the 404 error I described.
If I skip step 2, then proceed to step 3, I get the "access-method" error, no other data is returned to the browser.
I guess I will try another browser (other than IE) to see if that makes any difference.
10-29-2012 10:08 AM
Let me duplicate this in the lab, I will keep you posted.
Thanks.
10-29-2012 11:13 AM
Hi,
Please check this out:
ASA5510-C(config)# capture webvpn type webvpn user cisco
ASA5510-C(config)# no capture webvpn type webvpn user cisco
INFO: Capture file webvpn_capture.zip was created on disk0:
!
ASA5510-C(config)# show flash:
--#-- --length-- -----date/time------ path
153 132574 Oct 29 2012 12:09:10 webvpn_capture.zip
!
Steps that I followed:
1) Established an SSL connection to the ASA via WebVPN.
2) Once connected created the capture: "capture webvpn type webvpn user cisco"
3) Browsed to the site.
4) Stopped the capture by issuing a "no capture webvpn type webvpn user cisco"
5) Once you stop the capture you will see: "INFO: Capture file webvpn_capture.zip was created on disk0:"
Let me know.
Thanks.
Portu.
Please rate any helpful posts
10-29-2012 01:43 PM
Portu,
Thanks for trying to duplicate this issue. The file gets created as well when I do the capture. That is not the problem. I am trying to "Use a Browser to Display Capture Data" as described in the documentation.
Here are your test steps with my comments inline:
1) Established an SSL connection to the ASA via WebVPN.
<<
2) Once connected created the capture: "capture webvpn type webvpn user cisco"
<<
3) Browsed to the site.
<<
<<< Here did you try step #3 from the documentation? I believe in THIS browser window (not the webvpn user's browser) you are supposed to see the results of the trace. Instead at this point this is where I get the "ERROR: Access-method is not supported for WebVPN captures"
Step 3 | Open a browser and enter the following: https://asdm_enabled_interface_of_the_security_appliance:port/admin/capture/capture_name/pcap Example: | Displays the capture named hr in a sniffer format |
4) Stopped the capture by issuing a "no capture webvpn type webvpn user cisco"
<<< Yes, this is the step #2 described as "optional" in the documentation. If I do this and then proceed to step #3 as documented, I get a "404 error."
5) Once you stop the capture you will see: "INFO: Capture file webvpn_capture.zip was created on disk0:"
<<< Yes, I also can see the zipped file in my disk0.
Thanks again for your assistance. I am interested to hear what you find out.
10-29-2012 05:44 PM
After some testing it may be a documentation error, since this method works for normal captures.
I have been trying different ways without success.
Thanks for your patience.
Portu.
Please rate any helpful posts
10-29-2012 05:50 PM
After some research, I finally found it
DOC: Webvpn captures are only saved in zip format
Symptom:
WebVPN captures are only saved in zip format.
Conditions:
As per the following doc:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/webvpn.html#wp1153077
Webvpn captures can be retrieved in pcap format using the browser, which is incorrect. The document needs to be corrected.
Workaround:
N/A
Thanks for all your time and collaboration
Portu.
In case you do not have any more questions please rate any helpful posts and mark this question as answered
10-29-2012 09:50 PM
Portu, thanks for your follow up!