10-28-2012 04:32 PM
I've created a WebVPN, using an ASA, so that the remote users can log into the ASA and from there visit the webs on the Internet. Most of the webs work fine, but some do not. For example, with Yahoo email, every time the users put in their credentials and try to log in, the page stays there and they never can log in.
I wonder whether any of you have met this issue before and shed some light?
thanks,
Han
10-28-2012 06:41 PM
Hi Han,
Is this related to an ASA?
Have you tried with smart-tunnel?
ASA: Smart Tunnel using ASDM Configuration Example
So you can create bookmarks with the smart-tunnel option enabled.
Thanks.
Portu.
Please rate any helpful posts
10-30-2012 06:53 AM
Han,
You are right, make sure the user gets the correct group-policy and therefore the proper URL list (bookmarks).
Thanks.
Portu.
10-28-2012 07:32 PM
Portu,
My understanding of smart tunnels is that they are used for internal applications, that is, the applications inside the ASA. But my case is a bit different. These are Yahoo mail and Gmail.
Correct me if I am wrong.
thanks,
han
10-28-2012 07:41 PM
Han,
Smart-tunnels are used when a page does not load properly (possible issues with the content rewrite of the ASA).
This feature does not differentiate between an internal or an external web page / site.
Let me know.
Portu.
Please rate any helpful posts
Message was edited by: Javier Portuguez
10-28-2012 09:04 PM
Portu,
I tried it: under group policies\portal\smart tunnel, I unchecked the "smart tunnel policy" and selected "use tunnel for all network traffic". It is still the same. The Yahoo mail page becomes white and stays there when I am trying to log in.
Is the configuration of the tunnel I configured correct?
thanks,
Han
10-29-2012 06:04 AM
Han,
Please create the bookmark first like this:
Then you apply this bookmark to the specific group-policy.
So when you connect to the Web portal you see something like:
* I tested this with IE 8 & 9.
Portu.
Please rate any helpful posts.
10-29-2012 01:57 PM
Portu, thanks first. I just tried. I created a bookmark to test and checked "Enable smart tunnel". After I created it, I unchecked Inherit under grouppolicy\portal\ and selected the list I just created.
However, when i tested from a user side, the user cannot see any bookmarks.
thanks,
Han
10-29-2012 03:28 PM
Han,
It sounds like it is not properly configured.
Please share:
show run webvpn
show run tunnel-group specific_profile
show run group-policy specific_policy
Thanks.
Portu.
Please rate any helpful posts
10-29-2012 04:42 PM
Portu, thanks,
ASA#sh run webvpn
webvpn
enable outside
smart-tunnel network www.yahoo.com host www.yahoo.com===>this one I created before the last testing, so it should be irrelevant
When I ran "show run tunnel-group newgroup", it says,
ASA #sh run tunnel-group newgroup
ERROR: Invalid tunnel group name
So, I ran the following instead,
ASA#show run tunnel-group
tunnel-group SSLVPNPROFILE type remote-access
tunnel-group SSLVPNPROFILE general-attributes
default-group-policy newgroup
ASA#show run group-policy newgroup
group-policy newgroup internal
group-policy newgroup attributes
vpn-tunnel-protocol webvpn
webvpn
url-list value YahooEmail
10-29-2012 05:14 PM
Han,
The problem here is that your users are connecting to the default group since you do not have any group-url or alias.
Please do this:
webvpn
tunnel-group-list enable
!
tunnel-group SSLVPNPROFILE webvpn-attributes
group-alias SSL_VPN enable
!
When they go to the Web Portal they will see a menu with this "Alias", which points them to the correct group.
Let me know.
Portu.
Please rate any helpful posts
10-29-2012 05:15 PM
For further reference:
ASA 8.x: Allow Users to Select a Group at WebVPN Login via Group-Alias and Group-URL Method
Portu.
Please rate any helpful posts
10-29-2012 06:19 PM
Portu,
I added these two. And the user could see the menu. But after login, it still has no bookmarks. I only configure "newgroup" on that ASA.
thanks,
Han
ASA# sh run | b group-policy newgroup attr
group-policy newgroup attributes
vpn-tunnel-protocol webvpn
webvpn
url-list value YahooEmail
username TEST password suKbc9XyagnMAVa2 encrypted
tunnel-group SSLVPNPROFILE type remote-access
tunnel-group SSLVPNPROFILE general-attributes
default-group-policy newgroup
tunnel-group newgroup type remote-access
tunnel-group newgroup webvpn-attributes
group-alias newgroup enable
!
class-map inspection_default
match default-inspection-traffic
!
10-29-2012 09:16 PM
Han,
Please insert an image of your bookmark configured on ASDM.
Also once connected, please issue:
show vpn-sessiondb webvpn
Thanks.
Portu.
10-29-2012 09:55 PM
I did, it is still the same. But the command reveals much info. I put the two into bold. The group policy doesn't look right, does it? And I then looked at the connections files on ASDM; there are four of them there, all enabled.
1. DefaultRAGroup
2. SSLVPNPROFILE
3. DefaultWEBVPNGroup
4. newgroup ===> this is the one I am using.
Session Type: WebVPN
Username : YYY Index : 47
Public IP : ABC.EFG.XYZ.103
Protocol : Clientless
License : SSL VPN
Encryption : RC4 Hashing : SHA1
Bytes Tx : 109515 Bytes Rx : 17644
Group Policy : DfltGrpPolicy Tunnel Group : newgroup
Login Time : 03:26:57 UTC Tue Oct 30 2012
Duration : 0h:00m:29s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
ASA(config-tunnel-webvpn)#
10-29-2012 10:16 PM
It looks like that could be the problem. Portu,
Hold on, I'll let you know.
thanks,
Han
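The mismatch seen in the last session output (Tunnel Group newgroup, Group Policy DfltGrpPolicy) can be checked offline from a saved running-config. The Python sketch below is an added example, not part of the thread or of any Cisco tool: it works out which group-policy and url-list each tunnel-group alias actually resolves to. The function names and the sample config are constructed for illustration, and it ignores per-user policy overrides and group-policy inheritance.

```python
import re

# Constructed sample modelled on the running-config lines posted in the thread.
SAMPLE_CONFIG = """\
group-policy newgroup internal
group-policy newgroup attributes
 vpn-tunnel-protocol webvpn
 webvpn
  url-list value YahooEmail
tunnel-group SSLVPNPROFILE type remote-access
tunnel-group SSLVPNPROFILE general-attributes
 default-group-policy newgroup
tunnel-group newgroup type remote-access
tunnel-group newgroup webvpn-attributes
 group-alias newgroup enable
"""

DEFAULT_POLICY = "DfltGrpPolicy"  # used when a tunnel-group names no policy
HEADER = re.compile(r"(tunnel-group|group-policy) (\S+) \S+")


def effective_bookmarks(config):
    """Map each tunnel-group to (group-policy, url-list or None, aliases)."""
    groups, url_lists, section = {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        words = line.split()
        header = HEADER.match(line)
        if header:
            section = header.groups()
            if section[0] == "tunnel-group":
                groups.setdefault(section[1], {"policy": DEFAULT_POLICY, "aliases": []})
        elif not words or words[0] in ("!", "username"):
            section = None  # left the tunnel-group / group-policy block
        elif section and section[0] == "tunnel-group":
            if words[0] == "default-group-policy":
                groups[section[1]]["policy"] = words[1]
            elif words[0] == "group-alias":
                groups[section[1]]["aliases"].append(words[1])
        elif section and words[:2] == ["url-list", "value"]:
            url_lists[section[1]] = words[2]
    return {name: (g["policy"], url_lists.get(g["policy"]), g["aliases"])
            for name, g in groups.items()}


def aliases_without_bookmarks(config):
    """Login-menu aliases whose sessions end up with no bookmark list."""
    return sorted(alias for _, urls, aliases in effective_bookmarks(config).values()
                  if urls is None for alias in aliases)
```

On the sample, the alias newgroup is reported because its tunnel-group has no default-group-policy line, while SSLVPNPROFILE (which does) resolves to the YahooEmail list.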