axl13

Mozilla Firefox does not work on Cisco WebVPN

IE works great, but when I test with Firefox, the bookmarked pages do not work. The page starts to open but does not complete.
domain-name asa.com
enable password  encrypted
passwd  encrypted
names
!
interface GigabitEthernet0/0
 description Inside Interface
 nameif inside
 security-level 100
 ip address ccc.ccc.231.55 255.255.255.0 
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 description Outside interface
 nameif outside
 security-level 0
 ip address ddd.ddd.176.53 255.255.255.224 
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
!
time-range WorkHours
 periodic weekdays 6:00 to 18:00
!
boot system disk0:/asa804-32-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup management
dns server-group DefaultDNS
 name-server eee.eee.96.1
 name-server eee.eee.96.15
 domain-name email.com
access-list outside_access_in remark TW
access-list outside_access_in extended permit ip host fff.fff.155.236 any time-range WorkHours 
access-list outside_access_in extended deny ip any any 
access-list inside_authentication remark Radius Authentication Rule
access-list inside_authentication extended permit tcp host fff.fff.155.236 any time-range WorkHours 
access-list inside_authentication extended permit udp any host ccc.ccc.231.62 
access-list webvpn-list webtype permit tcp host eee.eee.58.140 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.37 eq https
access-list webvpn-list webtype permit tcp eee.eee.4.64 255.255.255.192 eq lotusnotes
access-list webvpn-list webtype permit tcp eee.eee.4.64 255.255.255.192 eq www
access-list webvpn-list webtype permit tcp host eee.eee.68.59 eq www
access-list webvpn-list webtype permit tcp host eee.eee.4.2 eq www
access-list webvpn-list webtype permit tcp host 199.184.31.50 eq www
access-list webvpn-list webtype permit tcp host 199.184.31.51 eq www
access-list webvpn-list webtype permit tcp host eee.eee.6.2 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.0.44 eq https
access-list webvpn-list webtype permit tcp ccc.ccc.14.112 255.255.255.240 eq www
access-list webvpn-list webtype permit tcp host eee.eee.6.4 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.10 eq www
access-list webvpn-list webtype permit tcp host ddd.ddd.176.8 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.14.107 eq www
access-list webvpn-list webtype permit tcp host ccc.ccc.14.107 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.14.107 range 7008 7009
access-list webvpn-list webtype permit tcp host eee.eee.4.2 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.45 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.121 eq 4001
access-list webvpn-list webtype permit tcp host eee.eee.4.142 eq www
access-list webvpn-list webtype permit tcp host eee.eee.4.142 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.142 range 7008 7009
access-list webvpn-list webtype permit tcp host ccc.ccc.14.17 eq www
access-list webvpn-list webtype permit tcp host ccc.ccc.14.17 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.14.17 range 7008 7009
access-list webvpn-list webtype permit tcp host eee.eee.4.22 eq 9090
access-list webvpn-list webtype permit tcp host eee.eee.4.24 eq 9090
access-list webvpn-list webtype permit tcp host eee.eee.6.5 eq https log default
access-list webvpn-list webtype permit tcp host eee.eee.12.6 eq www log default
access-list webvpn-list webtype permit tcp host eee.eee.4.211 eq https log default
access-list webvpn-list webtype deny tcp any log default
access-list webvpn-list webtype deny url any log default
pager lines 24
logging enable
logging timestamp
logging monitor notifications
logging buffered notifications
logging trap debugging
logging history debugging
logging asdm notifications
logging host inside ccc.ccc.231.8
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-621.bin
asdm history enable
arp timeout 14400
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 ddd.ddd.176.227 1
route inside eee.eee.0.0 255.255.0.0 ccc.ccc.231.62 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Radius protocol radius
 accounting-mode simultaneous
 interim-accounting-update
aaa-server Radius (inside) host eee.eee.4.7
 timeout 30
 key see/rad
aaa-server Radius (inside) host ccc.ccc.14.84
 timeout 30
 key see/rad
aaa authentication match inside_authentication inside Radius
http server enable
http eee.eee.0.0 255.255.0.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
no crypto isakmp nat-traversal
telnet eee.eee.97.26 255.255.255.255 inside
telnet eee.eee.97.136 255.255.255.255 inside
telnet eee.eee.96.3 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server ccc.ccc.231.62 source inside prefer
webvpn
 enable outside
group-policy SSLWEBVPN internal
group-policy SSLWEBVPN attributes
 vpn-tunnel-protocol l2tp-ipsec webvpn
 webvpn
  url-list value Shortcuts
  filter value webvpn-list
  customization value SSLWebLogin
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec 
group-policy DOHWebVPN internal
group-policy DOHWebVPN attributes
 vpn-tunnel-protocol webvpn
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group Radius
 default-group-policy SSLWEBVPN
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group Radius LOCAL
 default-group-policy SSLWEBVPN
tunnel-group SSLWEBVPN type remote-access
tunnel-group SSLWEBVPN general-attributes
 authentication-server-group Radius LOCAL
 default-group-policy SSLWEBVPN
tunnel-group SSLWEBVPN webvpn-attributes
 customization SSLWebLogin
 group-url https://email.email.com enable
 group-url https://email.email.com/go/apple.email.com/mailjump.nsf enable
 group-url https://email.email.com/go/apple.email.com/mailjump2.nsf enable
 group-url https://email.email.com/go/portal.email.com~ssl/https://travel.email.com enable
 group-url https://email.email.com/gp/portal.email.com~ssl enable
 group-url https://email.email.com/latsweb enable
 group-url https://email.email.com/password enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context

bignewf

What version of Firefox? Have you tried upgrading it to the latest version, including the latest Java updates? I use Firefox all the time with WebVPN without issues.
Could you post some errors from the event logs when this happens?
axl13

ASKER

I am running version 3.5... I believe this is the latest version... When I do get a pop message box stating to enable Java, but that option is already checked...
axl13

ASKER

Not sure where the event log is???

Windows event log: right-click on My Computer > Manage > Event Viewer > Application

Also enable logging in the PIX/ASA.
In the ASDM GUI go to Logging > Enable Logging > enable logging for WebVPN.
Post the output.
axl13

ASKER

Here are the logs for the ASA:

Jul 14 10:23:08 192.168.231.55 Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:24.97.155.236/1838 to identity:192.135.176.53/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 xx.xx.231.55 Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:xx.xx.155.236/1838 to identity:xx.xx.176.53/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 xx.xx.231.55 Jul 14 2009 10:23:08: %ASA-6-725007: SSL session with client outside:xx.xx.155.236/1838 terminated.
Jul 14 10:23:08 xx.xx.231.55 Jul 14 2009 10:23:08: %ASA-6-725007: SSL session with client outside:xx.xx.155.236/1838 terminated.
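
An added example (not part of the original thread): a small Python parser for the two ASA syslog messages in the post above, 302014 and 725007. It drops the repeated lines and flags HTTPS connections to the ASA itself that ended in a TCP reset; in 302014 the reason `TCP Reset-O` means the reset came from the outside peer. The sample lines are constructed with documentation addresses, and `summarize` and its field names are this example's own.

```python
import re

# Constructed sample lines in the same syslog format as the post above
# (documentation addresses, not the poster's).
SAMPLE = """\
Jul 14 10:23:08 198.51.100.55 Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:203.0.113.236/1838 to identity:198.51.100.53/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 198.51.100.55 Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:203.0.113.236/1838 to identity:198.51.100.53/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 198.51.100.55 Jul 14 2009 10:23:08: %ASA-6-725007: SSL session with client outside:203.0.113.236/1838 terminated.
Jul 14 10:23:09 198.51.100.55 Jul 14 2009 10:23:09: %ASA-6-302014: Teardown TCP connection 30980 for outside:203.0.113.236/1840 to identity:198.51.100.53/443 duration 0:01:02 bytes 48211 TCP FINs
"""

# [\w.]+ also accepts masked addresses such as xx.xx.155.236
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>\S+?):(?P<src>[\w.]+/\d+) to (?P<dst_if>\S+?):(?P<dst>[\w.]+/\d+) "
    r"duration (?P<dur>[\d:]+) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$")
SSL_END = re.compile(
    r"%ASA-6-725007: SSL session with client \S+?:(?P<src>[\w.]+/\d+) terminated")

# Which side ended the TCP connection, per the 302014 reason text.
REASONS = {"TCP Reset-O": "outside peer sent RST",
           "TCP Reset-I": "inside peer sent RST",
           "TCP FINs": "normal close"}

def summarize(text):
    """Return one record per unique teardown found in the syslog text."""
    lines = [ln.strip() for ln in text.splitlines()]
    ssl_clients = {m["src"] for m in map(SSL_END.search, lines) if m}
    seen, out = set(), []
    for line in lines:
        m = TEARDOWN.search(line)
        if not m or m["conn"] in seen:   # skip other messages and repeated lines
            continue
        seen.add(m["conn"])
        reason = m["reason"] or "unknown"
        out.append({
            "conn": int(m["conn"]), "client": m["src"], "bytes": int(m["bytes"]),
            "reason": reason, "meaning": REASONS.get(reason, "see syslog reference"),
            # HTTPS session to the ASA itself ("identity") that ended in a reset
            "webvpn_reset": (m["dst_if"] == "identity" and m["dst"].endswith("/443")
                             and reason.startswith("TCP Reset")
                             and m["src"] in ssl_clients),
        })
    return out

if __name__ == "__main__":
    for rec in summarize(SAMPLE):
        print(rec)
```
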
axl13

ASKER

I think this has something to do with the smart tunneling... The bookmarks all have smart tunneling enabled, but the address bar does not... And when I use the address bar, it works...
axl13

ASKER

Looks like smart tunneling only works for Firefox 1.X... Is there a workaround...
ASKER CERTIFIED SOLUTION
bignewf
This solution is only available to members.
axl13

ASKER

I was able to get Firefox to work before your post... I installed 1.0 and then 2.0, then I reinstalled 3.5 and it worked... As for the smart tunneling, I needed to do this so that when a user clicks on a bookmark, a new window would open up... That is the way our security dept wants to do it... Unless there is another way to pop up the window???
axl13

ASKER

I will give you credit for the answer... I had to reinstall Firefox 3.5 and it started working... Thanks