cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1782
Views
19
Helpful
17
Replies
Highlighted
Beginner

Webvpn--some webs are not loading

I've created a Webvpn, using asa, so that the remote users can log into the ASA and from there visit the webs on the Internet. Most of the webs work fine. But some are not. For example, Yahoo email, everytime when the users put their credentials for yahoo email and try to log in, the page stays there never can log in.

I wonder whether any of you have met this issue before and shed some light?

thanks,

Han

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

Hi Han,

Is this related to an ASA?

Have you tried with smart-tunnel?

ASA: Smart Tunnel using ASDM Configuration Example

So you can create bookmarks with the smart-tunnel option enabled.

Thanks.

Portu.

Please rate any helpful posts

View solution in original post

Highlighted

Han,

You are right, make sure the user gets the correct group-policy and therefore the proper URL list (bookmarks).

Thanks.

Portu.

View solution in original post

17 REPLIES 17
Highlighted

Hi Han,

Is this related to an ASA?

Have you tried with smart-tunnel?

ASA: Smart Tunnel using ASDM Configuration Example

So you can create bookmarks with the smart-tunnel option enabled.

Thanks.

Portu.

Please rate any helpful posts

View solution in original post

Highlighted

Portu,

My understanding of smart tunnels is that they are used for internal applications, that is, the applications inside the ASA. But my case is a bit different. these are Yahoo mails and gmails.

Correct me if i am wrong.

thanks,

han

Highlighted

Han,

Smart-tunnels are used when a page does not load properly (possible issues with the content rewrite of the ASA).

This feature does not differentiate between an internal or an external web page / site.

Let me know.

Portu.

Please rate any helpful posts

Message was edited by: Javier Portuguez

Highlighted

Portu,

I tried using, under group policies\portal\smart tunnel, i unchecked the "smart tunnel policy" and selected "use tunnel for all network traffic". It is still the same. the yahoo mail page becomes white and stays there when i am trying to log in.

Is the configuration of tunnel i configured correct?

thanks,

Han

Highlighted

Han,

Please create the bookmark first like this:

Then you apply this bookmark to the specific group-policy.

So when you connect to the Web portal you see something like:

* I tested this with IE 8 & 9.

Portu.

Please rate any helpful posts.

Highlighted

Portu, thanks first. I just tried. And i created a book mark to test, checked the "enalbe smart tunnel". After i created it, i unchecked the Inherent under grouppolicy\portal\ , and selected the list i just created.

However, when i tested from a user side, the user cannot see any bookmarks.

thanks,

Han

Highlighted

Han,

It sounds like it is not properly configured.

Please share:

show run webvpn

show run tunnel-group specific_profile

show run group-policy specific_policy

Thanks.

Portu.

Please rate any helpful posts

Highlighted

Portu, thanks,

ASA#sh run webvpn
webvpn
enable outside
smart-tunnel network www.yahoo.com host www.yahoo.com===>this one I created before the last testing, so it should be irrelevant

When I ran "show run tunnel-group newgroup", it says,
ASA #sh run tunnel-group newgroup
ERROR: Invalid tunnel group name

So, i ran the following instead,

ASA#show run tunnel-group
tunnel-group SSLVPNPROFILE type remote-access
tunnel-group SSLVPNPROFILE general-attributes
default-group-policy newgroup


ASA#show run group-policy newgroup
group-policy newgroup internal
group-policy newgroup attributes
vpn-tunnel-protocol webvpn
webvpn
  url-list value YahooEmail

Highlighted

Han,

The problem here is that your users are connecting to the default group since you do not have any group-url or alias.

Please do this:

webvpn

     tunnel-group-list enable

!

tunnel-group SSLVPNPROFILE webpvn-attributes

     group-alias SSL_VPN enable

!

When they go to the Web Portal will see a menu with this "Alias", which points them to the correct group.

Let me know.

Portu.

Please rate any helpful posts

Highlighted

Highlighted

Portu,

I added these two. And the user could see the menu. But after login, it still has no bookmarks. I only configure "newgroup" on that ASA.

thanks,

Han

ASA# sh run | b group-policy newgroup attr

group-policy newgroup attributes

vpn-tunnel-protocol webvpn

webvpn

  url-list value YahooEmail

username TEST password suKbc9XyagnMAVa2 encrypted

tunnel-group SSLVPNPROFILE type remote-access

tunnel-group SSLVPNPROFILE general-attributes

default-group-policy newgroup

tunnel-group newgroup type remote-access

tunnel-group newgroup webvpn-attributes

group-alias newgroup enable

!

class-map inspection_default

match default-inspection-traffic

!

Highlighted

Han,

Please insert an image of your bookmark configured on ASDM.

Also once connected, please issue:

show vpn-sessiondb webvpn

Thanks.

Portu.

Highlighted

I did, it is still the same. But the command reveals much info. I put the two into bold. the group policy doesnt look right, does it? and i then look at the connectinos files on ASDM, there are four of them there, all enabled.

1. DefaultRAGroup

2. SSLVPNPROFILE

3. DefaultWEBVPNGroup

4.newgroup===>this is the one i am using.

Session Type: WebVPN

Username     : YYY                   Index        : 47
Public IP    : ABC.EFG.XYZ.103
Protocol     : Clientless
License      : SSL VPN
Encryption   : RC4                    Hashing      : SHA1
Bytes Tx     : 109515                 Bytes Rx     : 17644
Group Policy : DfltGrpPolicy          Tunnel Group : newgroup
Login Time   : 03:26:57 UTC Tue Oct 30 2012
Duration     : 0h:00m:29s
Inactivity   : 0h:00m:00s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none

ASA(config-tunnel-webvpn)#

Highlighted

It looks like that could be the problem. Portu,

Hold on, I'll let you know.

thanks,

Han