ASA5510 Clientless VPN SSO RDWEB OWA CIFS

Hi!
I´m trying to use single sign on in clientless vpn portal. I have my bookmarks in place (rdweb/web servers and cifs share). I would like to just enter user/pass just one time (at the portal loginpage of asa5510). I use radius for my auth (radius auth running on a win2008r2 with nap policy).
I have seen on other posts that i should put &csco_sso=1parameter after the url string in bookmark settings but that doesnt work. I also tried the post settings CSCO_WEBVPN_USERNAME & CSCO_WEBVPN_PASSWORD
Do i need to specify single signon server in Group policy i use for clientless vpn? In that case what should i specify?
Servername: Just any name or the fqdn?
Authentication type: I dont have any siteminder solution in place so my options are SAML POST
Settings
Assertion URL: ?
Issuer: ?
Cert:
Do i need to set up a ADFS 2.0 role on my network to use SSO server feature at the asa5510?
Regards,
Fredrik

A couple of updates:
3. I added our nbns server to the Cisco config, and now clicking the Browse entire network button shows me the domain. However, when I click on the domain, it says "Failed to retrieve servers". A had a support tech look at this, and he said the config all looks fine, and he found a few other instances of this for other users. He's investigating and will get back to me.
4. This looks like it's possible through content-rewrite rules (http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/vpn_clientless_ssl.html#wp2389515)
"By default, the security appliance rewrites, or transforms, all clientless traffic. You might not want some applications and web resources (for example, public websites) to go through the ASA. The ASA therefore lets you create rewrite rules that let users browse certain sites and applications without going through the ASA. This is similar to split-tunneling in an IPSec VPN connection."
Whether this will work in combination with SSO is the question, but I'll play around and see what I find. :-)

Similar Messages

ASA Cannot access https device via Clientless VPN bookmark, site to site works fine

We've got two offices connected via an IPSEC tunnel. This site to site VPN works great, we can access our remote devices fine from a PC on either LAN at each office. The device's address is https://192.168.210.2
However, if we make a bookmark on the Clientless VPN for that same address the conneciton just times out if it has to go over the site to site VPN.
We plugged the exact same web enabled device on the local side of the VPN, put in a bookmark for its https address and it works fine. Its just remote bookmarks for devices on the other side of the tunnel do not work.
Looking at the debug log I see the request going out from the source to the destination on port 443 but nothing more. The NAT exemption etc are all right because people on the LAN have no problem accessing this device remotely with their browser.
I haven't been able to adequately describe this problem to find a matching Cisco example, anyone know how to fix this?

hi luis,
thank you for your reply. we've checked the smoothwall configuration, but couldn't discover anything which could cause this problem. we even tried replacing the sa520 with a draytek vigor router to set up an lan-to-lan vpn with the smoothwall. with the draytek in place we have no problems accessing the aforementioned servers, so it seems the issue is with the SA520.
what exactly do you mean by creating an ACL from the remote WAN to our LAN? i assumed you meant creating a firewall rule, allowing traffic from the remote device's public ip to our LAN. however, in that case i need to enter an ip address of a device in our LAN, or else i cannot save this rule. as a test i entered the ip address of my machine as the destination address, but am still unable to access the aforementioned servers.
here's how i set up the rule:
from zone: UNSECURE (WAN/optional WAN)
to zone: LAN
service: ANY
action: ALLOW always
schedule: (not set)
source hosts: Single address
from: public ip of one of the aforementioned servers
source NAT settings > external IP address: WAN interface address (cannot change this setting)
source NAT settings >WAN interface: dedicated WAN (cannot change this setting)
destination NAT settings > internal ip address: 192.168.11.123 (ip address of my machine)
enable port forwarding: unchecked
translate port number: empty
external IP address: dedicated WAN

Getting Error in SSO with OWA scenario.

Hi All,
I am trying the SSO with OWA with EP 6.0 SP13. I am refering the document " Integration Of OutLook Web Access into SAP Enterprise Portal "
I am getting following error:
Portal Runtime Error
An exception occurred while processing a request for :
iView : N/A
Component Name : N/A
Unknown Logon Method 'null' for system 'SSO_OWA'.
See the details for the exception ID in the log file.
I do not find any option which allows me to specify the Login Method While creating a system, in SP13.
What should I do to get the successful implementation?
Thanks in Advance.
Pradnya

Hi Pradnya
There are three methods for creating a new system
1. Use the XML profile in a deployed PARfile
The new system inherits all the global properties defined in the PAR file component. It inherits property names, meta attributes and any default property values.
2. Use an existing template.
If the template was created directly from the PAR file, the new system is identical to the one generated by the first method. If the template has undergone changes, the system inherits the changes made to the property attributes in the template.
3. Copy an existing system
The procedure you use to create a system is not application-sensitive.
You run the same wizard for creating the system for any of the applications to which the portal provides connectors, or for which you have created and deployed a PAR file. The differences reside in the XML profiles, whose properties are determined by the application being defined, as each application has some unique connectivity requirements.
For further details, please go through the following link.
http://help.sap.com/saphelp_erp2004/helpdata/en/ec/0fe43d19734b5ae10000000a11405a/content.htm
Hope that was helpful.
Warm Regards
Priya
P.S: Please consider rewarding points if your problem is solved.

MAC OS X Clientless VPN Plug-in Installation Problem Solved

I have nearly pulled my hair out trying to get clientless VPN connections to work for Mac users looking to connect into our RV220W.
The key is to connect to the router as root the first time in order to avoid VPN plug-in installation permissions issues.
Preconditions: Java must be installed. Installing Java 7 for Mac OS X is 64-bit. This means that 32-bit browsers like Chrome cannot be used and that only 64-bit browsers like Safari will work with the plug-in.
Part 1 – Install the VPN Plug-in
Enable the root user account.
Log into the Mac as root.
Connect to the RV220W VPN portal.
Enter your credentials.
Select VPN Tunnel menu item
Hit the SSL VPN Tunnel Client Installer / Launcher icon.
When prompted, run the Installer.
The VPN should connect.
Disconnect from the VPN and log out of the root System Administrator account.
Part 2 – Use the VPN Plug-in
Log in as your normal user account.
Connect to the router’s VPN portal.
Enter your credentials.
Select VPN Tunnel menu item
Hit the SSL VPN Tunnel Client Installer / Launcher icon.
When prompted, run the software.
The VPN should connect.

I solved my problem by downloading and installing the "Final Cut Pro Universal (supports Intel)" .sit version of the plug-in, which is not the default. I will inform StageTools that the default .zip download doesn't seem to work.

CISCO ASA Clientless VPN Host Scan

Hi All
We open up Internet Explorer 8 on local PC, then we are connecting using clientless vpn to a CISCO ASA 5520 8.0(4), we are getting an issue with the local internet explorer browser closing after 20 mins. The content accessed from the VPN is still available but all local Internet Explorer processes are terminated.
When i look at the hostscan.log i get TOKEN_SUCESS followed by TOKEN_LOGGEDON for the first 20 mins. After 20 minutes i get TOKEN_INVALID followed by the browser kill command which is closing internet explorer. This is effecting all users. If i close the SSL VPN completly the same issue occurs after exactly 20 mins. The session below was started at 14:23:34 and we recieve TOKEN_LOGGEDON at 14:45:50 but TOKEN_INVALID at 14:46:50.
Hope someone can help?
Ian
Host Scan.Log:
[Tue Oct 09 14:45:50.296 2012][libcsd][info][asa_parse_dap_response] parsing DAP response.
[Tue Oct 09 14:45:50.296 2012][libcsd][debug][asa_parse_dap_response] TOKEN_LOGGEDON
[Tue Oct 09 14:45:50.296 2012][libcsd][debug][asa_parse_dap_response] no scan interval, defaulting to 60 sec.
[Tue Oct 09 14:45:50.296 2012][libcsd][debug][cache_cleaner_check_browsers] cache cleaner enabled, verifying browser is still open.
[Tue Oct 09 14:45:50.343 2012][libcsd][debug][run_loop] sleeping for 60 seconds.
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][run_loop] awake.
[Tue Oct 09 14:46:50.349 2012][libcsd][all][scan] performing scan.
[Tue Oct 09 14:46:50.349 2012][libcsd][info][process_system_scans] scanning system...
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][update_file] updating file (C:\Users\REMOVED\AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][verify_file] verifying file: C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][verify_file] file has been verified: (C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] path not absolute, file signature not checked (kernel32.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (kernel32.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (kernel32.dll) loaded
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_os] os (Windows 7) version (Service Pack 1) arch (x64) proclevel (unknown)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_location] location (REMOVED)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_csdtype] csd protection (cache cleaner)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_csdtype] csd version (3.5.841)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_hostname] hostname (REMOVED)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (135)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (445)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (3389)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (5500)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (6051)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (6129)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (47002)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (47006)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (47007)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49152)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49153)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49154)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49175)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49179)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (49184)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (9089)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (139)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (123)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (500)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (4500)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (5355)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (6004)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (64000)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (64246)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (1900)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (50907)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (53973)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (56922)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (57555)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (57906)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (59441)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (60837)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (60919)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (63966)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (64019)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (64955)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (65202)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (137)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (138)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (1900)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_openports] found open port (60918)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_macaddrs] found MAC addr (6431.5034.738f)
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][scan_system_applications] No removable applications installed.
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_init] initializing certificate subsystem ...
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_init] mozilla cert store enabled
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_init] capi cert store enabled
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_init] initializing mozilla certificate module...
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] path not absolute, file signature not checked (kernel32.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (kernel32.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (kernel32.dll) loaded
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][reg_open_key] checking 32-bit registry hive: SOFTWARE\Mozilla\Mozilla Firefox.
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_init] unable to load mozilla libs.
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_init] initializing mozilla certificate module... failed
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_free_api] not initialized
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][moz_free_api] not initialized
[Tue Oct 09 14:46:50.349 2012][libcsd][warn][cert_init] failed to initialize mozilla certificates
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] path not absolute, file signature not checked (Crypt32.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (Crypt32.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (Crypt32.dll) loaded
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_init] initializing certificate subsystem ... done
[Tue Oct 09 14:46:50.349 2012][libcsd][warn][cert_get_user_certs_prop_list] mozilla certificates not initialized.
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_free] de-initializing certificate subsystem ...
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_free] de-initialization of capi certificated completed.
[Tue Oct 09 14:46:50.349 2012][libcsd][debug][cert_free] de-initializing certificate subsystem ... done
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_file_verify_trust] verifying file trust (C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] path not absolute, file signature not checked (Wintrust.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (Wintrust.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (Wintrust.dll) loaded
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] file signature verified(C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] attempting to load library (C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll)
[Tue Oct 09 14:46:50.349 2012][libcsd][info][hs_dl_load] library (C:\Users\ REMOVED \AppData\Local\Cisco\Cisco HostScan\lib\libdesktop.dll) loaded
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB958830)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2425227)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2479943)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2491683)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2503665)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2506014)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2506212)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2507618)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2509553)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2510531)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2511455)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2518869)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2532531)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2533552)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2534111)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2536275)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2536276)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2539635)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2544521)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2544893)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2552343)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2556532)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2560656)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2564958)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2567680)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2570947)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2572077)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2579686)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2584146)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2585542)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2588516)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2598845)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2618444)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2618451)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2619339)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2620704)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2620712)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2631813)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2633952)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2639417)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2641690)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2644615)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB2656356)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB958488)
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][scan_system_hotfixes] detected hotfix: (KB976902)
[Tue Oct 09 14:46:50.895 2012][libcsd][info][process_host_scans] scanning environment...
[Tue Oct 09 14:46:50.895 2012][libcsd][info][process_inspector_scans] scanning for security software...
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][process_inspector_scans] no inspector list items.
[Tue Oct 09 14:46:50.895 2012][libcsd][info][scan_perform_scan] scanning complete.
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.os.version="Windows 7"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.os.servicepack="Service Pack 1"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.os.architecture="x64"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.os.processor_level="unknown"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.policy.location=" REMOVED "
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.protection="cache cleaner"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.protection_version="3.5.841"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.hostname=" REMOVED "
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["135"]="true"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["445"]="true"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["3389"]="true"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["5500"]="true"
[Tue Oct 09 14:46:50.895 2012][libcsd][debug][get_data] endpoint.device.port["6051"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["6129"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["47002"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["47006"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["47007"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49152"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49153"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49154"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49175"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49179"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["49184"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["9089"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["139"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["123"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["500"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["4500"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["5355"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["6004"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["64000"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["64246"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["1900"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["50907"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["53973"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["56922"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["57555"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["57906"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["59441"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["60837"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["60919"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["63966"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["64019"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["64955"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["65202"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["137"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["138"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["1900"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.port["60918"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.device.MAC["6431.5034.738f"]="true"
CERTIFICATE INFO REMOVED
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB958830"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2425227"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2479943"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2491683"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2503665"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2506014"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2506212"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2507618"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2509553"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2510531"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2511455"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2518869"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2532531"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2533552"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2534111"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2536275"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2536276"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2539635"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2544521"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2544893"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2552343"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2556532"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2560656"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2564958"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2567680"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2570947"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2572077"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2579686"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2584146"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2585542"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2588516"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2598845"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2618444"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2618451"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2619339"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2620704"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2620712"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2631813"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2633952"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2639417"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2641690"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2644615"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB2656356"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB958488"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][get_data] endpoint.os.hotfix["KB976902"]="true"
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setpeer] setting peer
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setpeer] setting l2 peer: (REMOVED)
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setpeer] setting peer done. peer = REMOVED, referrer = REMOVED
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][asa_post_dap] sending results to: (REMOVED /+CSCOE+/sdesktop/scan.xml?reusebrowser=1)
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setcookie] setting cookie
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setcookie] setting cookie: (sdesktop=70E341AC00B5735F069D5FFE)
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_addheader] adding http header
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_addheader] adding http header: (Cookie: sdesktop=70E341AC00B5735F069D5FFE)
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_addheader] adding http header done
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setcookie] setting cookie done
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setredircount] setting redirects
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setredircount] setting redirects: (10)
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_setredircount] setting redirects done
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][asa_post_dap] sending results to: (REMOVED /+CSCOE+/sdesktop/scan.xml?reusebrowser=1)
[Tue Oct 09 14:46:50.911 2012][libcsd][debug][hs_transport_post] posting data
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][process_response_headers] processing http response headers
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][process_response_headers] getting http headers from l2
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][process_response_headers] getting http headers headers from l2 done
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][parse_response_headers] parsing http headers
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] --- Http Response Headers ---
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] HTTP-Version: 1.1
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Status-Code: 200
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Cache-Control: no-cache
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Connection: Keep-Alive
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Date: Tue, 09 Oct 2012 13:46:50 GMT
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Pragma: no-cache
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Transfer-Encoding: chunked
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Content-Type: text/xml
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] Server: Cisco AWARE 2.0
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][dump_http_headers] --------------------
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][parse_response_headers] parsing http headers done
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][process_response_headers] processing http response headers done
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_post] posting data done
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][asa_post_dap] results sent to (REMOVED).
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] getting data
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] --- http data ---
todo
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] getting data done
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] getting data
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] --- http data ---
todo
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][hs_transport_get_data] getting data done
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][asa_post_dap] headend response: (<?xml version="1.0" encoding="ISO-8859-1"?>
<hostscan><status>TOKEN_INVALID</status></hostscan>
[Tue Oct 09 14:46:50.926 2012][libcsd][info][asa_parse_dap_response] parsing DAP response.
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][asa_parse_dap_response] TOKEN_INVALID
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][asa_parse_dap_response] no scan interval, defaulting to 60 sec.
[Tue Oct 09 14:46:50.926 2012][libcsd][debug][browser_restore] restoring browser settings.
[Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (2400)
[Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (6944)
[Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (2396)
[Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (1436)
[Tue Oct 09 14:46:50.957 2012][libcsd][info][browser_kill] killing browser: iexplore.exe with pid (532)
[Tue Oct 09 14:46:50.957 2012][libcsd][debug][restore_ie_history] restoring IE history.

Windows 8 clientless SSL VPN is officially supported as of 9.0(2) and 9.1(2) codes:
Clientless SSL VPN: Windows 8 Support: http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html
Maybe upgrading your code will fix it...
Patrick

Clientless VPN remote file explorer

I'm hoping this is a simple one. I recently upgraded our ASA 5505 to 9.1.(1). We have several users that use the clientless VPN from their home systems, and require access to file shares. I was hoping that the Remote File Explorer listed in the release notes would be an improvement, but I can't seem to find it. Customizing the Portal, I've enabled "File Server Shares" under applications, but enabling/disabling it seems to do nothing. "Network drives" is the same old interface. File Server Entry and Browsing are enabled. I've also checked the plugins downloads, but I don't see anything that looks right. What am I missing?

You need to know the IP address of the server on the other side of the VPN.
Network auto-discovery protocols tend to not work over VPN connection (generally you don't want the overhead of the discovery protocols going over the VPN link).
Once you know the IP address of the server, though, you can mount that server via the Finder's Go -> Connect to Server. Once logged into the server you should be able to use the normal Finder actions to navigate the network share.

Clientless VPN Connection

ASA version: 8.2(1), ASDM version: 6.2(1), Device Type ASA 5540
I use the Wizard to create a clientless VPN. When I try to access VPN, it will not display a logon banner. I get page can not be displayed.
webvpn
enable OUTSIDE
svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
webvpn
url-list value LSWMDD
group-policy SABVPN internal
group-policy SABVPN attributes
banner none
vpn-tunnel-protocol webvpn
group-policy DLADAPS internal
group-policy DLADAPS attributes
dns-server value 206.30.20.10 206.30.20.8
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DLADAPS
default-domain value nanw.ds.army.mil
group-policy AIRFORCEVPN internal
group-policy AIRFORCEVPN attributes
dns-server value 206.30.20.10 206.30.20.8
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value AIRFORCEVPN_splitTunnelAcl
default-domain value nanw.ds.army.mil
group-policy DOLWMDDVPN internal
group-policy DOLWMDDVPN attributes
dns-server value 206.30.20.10 206.30.20.8
vpn-idle-timeout none
vpn-session-timeout none
vpn-tunnel-protocol IPSec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DOLWMDDVPNCLIENT_splitTunnelAcl
default-domain value nanw.ds.army.mil
webvpn
url-list none
username John.M password cQan8plLN9eaLZU. encrypted privilege 5
username John.M attributes
vpn-group-policy DLADAPS
service-type admin
username AIRFORCEVPN password 25ypW8Yr10fxCJSa encrypted privilege 5
username AIRFORCEVPN attributes
vpn-group-policy AIRFORCEVPN
username John.Doe password LCiP9VY.Q4v4nCb6 encrypted privilege 15
tunnel-group DOLWMDDVPN type remote-access
tunnel-group DOLWMDDVPN general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy DOLWMDDVPN
tunnel-group DOLWMDDVPN ipsec-attributes
pre-shared-key *
tunnel-group DLADAPS type remote-access
tunnel-group DLADAPS general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy DLADAPS
tunnel-group DLADAPS ipsec-attributes
pre-shared-key *
tunnel-group AIRFORCEVPN type remote-access
tunnel-group AIRFORCEVPN general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy AIRFORCEVPN
tunnel-group AIRFORCEVPN ipsec-attributes
pre-shared-key *
tunnel-group 131.78.30.200 type ipsec-l2l
tunnel-group 131.78.30.200 ipsec-attributes
pre-shared-key *
tunnel-group SABVPN type remote-access
tunnel-group SABVPN general-attributes
address-pool DOLWMDDIPPOOL
default-group-policy SABVPN
tunnel-group SABVPN webvpn-attributes
group-alias SABVPN enable
group-url https://140.153.60.170/SABVPN enable

Hello,
I see that the public IP address you are using is not accessible from the outside at all, make sure that you are using the default port for this --> 443, also just to isolate this, enable the access of the clientless from your inside interface and try to access it by the inside IP address on your inside network:
webvpn
enable inside
Try to open the clientless, it that opens it seems that you are having issues with the port on that case, either ways we can take a capture from the Outside IP address to the public IP address of the outside computer:
capture CAP interface outside match tcp host <Outside_IP_ASA> host <Public_IP_COMPUTER>
Let me know how it works out,
Don't Forget to rate and mark as correct the helpful Post!
David Castro,
Regards,

Clientless VPN vs Anyconnect

Hi Guys,
On the ASA 5500 series, can someone please tell me if Clientless VPN is the same as Anyconnect? Any help will be greatly appreciated.
Thanks,
Lake

Lake
Clientless VPN is a VPN that does not use a client to establish the VPN.
AnyConnect is a VPN client.
so Clientless VPN is not the same as AnyConnect. On the ASA if you do clientless VPN then the user has the browser connect to the ASA, and basically the ASA provides the VPN service through the browser.
HTH
Rick

Disable ASA Clientless VPN Application Customization Help File

I am trying to completely disable ASA Clientless VPN Applications help files. Is there a way to do this?

Windows 8 clientless SSL VPN is officially supported as of 9.0(2) and 9.1(2) codes:
Clientless SSL VPN: Windows 8 Support: http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html
Maybe upgrading your code will fix it...
Patrick

Clientless VPN / Custom Portal Pages by source address

ASA 8.4, Clientless VPN
Can you think of a way to present varying experiences (Portal Pages) to clients depending on source IP address?
So, clients emanating from a.b.0.0/16 would see Portal Page X, clients from c.d.0.0/16 would see Portal Page Y, and all other clients would see Portal Page Z?
--sk

If you have not found the solution. Please look at the following in ASDM
Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Customization
Edit your Customization File, Under the Portal Page and Toolbar ensure that the 'Display toolbar' is checked off.

CLIENTLESS VPN

Hi,
can anybody tell me the advantage of using clientless VPN for VPN 3000 series concentrators ? is there any link where i can learn to configure this feeature ?
thanks

The term 'clientless VPN' refers to Secure Socket Layer (SSL) Virtual Private Networks (VPNs). The advantage of using clientless VPN is the ability to secure a connection even when using a standard web browser with no additional client software required. Information about SSL VPN is available at http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns347/networking_solutions_sub_solution_home.html
Information about this feature is also available at http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns142/netbr09186a00801f0a72.html

Local HDD through Clientless VPN

Hello. How to connect local HDD through Clientless VPN???

Yes, access with RDP, but there is a task that requires connecting through clienless vpn to different servers are also available to local HDD client PC.
I implemented it by adding the connection "rdp://servers?RedirectDrives=TRUE", but it is uncomfortably for end users, as it is possible to solve the problem without having to manually specify this option?
Thanks in advance.

Deny IPSEC and allow Clientless VPN for a group

Hello,
I'm trying to block the L2TP over IPSEC,and allow Clientless VPN for a group from the Active Directory (with a radius server).
But I've failed to deny the ipsec access...
I have two groups that have a differents class.25 attributes:
CN=IPSEC_user;
CN=WebSSL_user;
And I want deny the ipsec acces for CN=WebSSL_user but I want allow this one to access Clientless SSL VPN! and vice versa forCN=IPSEC_user;
For the group IPSEC_user there is no problem (I've disabled almost everything in a DAP), But for CN=WebSSL_user I don't know how to deny the IPSEC access.

Oh I completely overlooked that, you were using CN instead of OU. Note that the CN is ignored by the ASA, so only the OU is used to define the group-policy.
I'm just guessing now, but if you meant to assign a tunnel-group, that is not possible, because the radius authentication only takes place after a tunnel-group has already been selected (since authentication is a property of the tunnel-group).
In this kind of scenario that is usually not a problem, it is ok for all users to even connect to the same tunnel-group, and just get different group-policies.
If for some reason you do want to have 2 tunnel-groups and want to prevent that users connect to the 'wrong' one, then you can use the group-lock feature for that - this will deny the connection if the user connected to the wrong TG.
i.e.
group-policy WebSSL_user attributes
vpn-tunnel-protocol webvpn
group-lock value myWebSSLTunnelGroup
hth
Herbert

Where are Clientless VPN Plugins on this website?

Hi,
I've spent way longer than I should have trying to find the SSH/Telnet plugin for Clientless SSL VPN. Can someone please direct me to its location? I'm tired of digging through 8-9 step hierarchy with a non-functioning searchbar.
Thanks.

Hi J,
Here is the link:-
http://software.cisco.com/download/release.html?mdfid=279916878&softwareid=282829226&release=1.1.1
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.

Clientless VPN and Java not working correctly

In a recent discovery we found that the newest version of java will not work with our Cisco SSLVPN setup
We are using an ASA5510 with 8.0.4 IOS version and 6.1.3 ADSM version and most users use an mstsc.exe smart tunnel to rdp into our terminal server farm.
Our laptops are being imaged with Java 6 update 3 (this works fine) then upgraded to Java 6 update 11, after which the smart tunnel appears to launch but a connection cannot be established. Reinstalling the older version of Java resolves the problem.
I was wondering if anyone else has encountered a similar problem and found a workaround. Currently, company equipment is not being upgraded to the latest version of Java but personal equipment is a different story.

To get the old downloader back follow the directions below.
# In the [[Location bar autocomplete|Location bar]], type '''about:config''' and press '''Enter'''. The about:config "''This might void your warranty!''" warning page may appear.
# Click '''I'll be careful, I promise!''', to continue to the about:config page.
# Filter '''browser.download.useToolkitIT'''.
# Double click and '''make sure it says true.'''
# You now have the classic downloader back! Yay!
Any issues or confused?
* http://kb.mozillazine.org/About:config

ASA5510 Clientless VPN SSO RDWEB OWA CIFS

Similar Messages

Maybe you are looking for