Solved

Mozilla Firefox does not work on Cisco WEBVPN

Posted on 2009-07-13
Last Modified: 2012-05-07
IE works great, but when I test with Firefox, the bookmarked pages do not work. The page starts to open but does not complete.
domain-name asa.com
enable password  encrypted
passwd  encrypted
names
!
interface GigabitEthernet0/0
 description Inside Interface
 nameif inside
 security-level 100
 ip address ccc.ccc.231.55 255.255.255.0 
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 description Outside interface
 nameif outside
 security-level 0
 ip address ddd.ddd.176.53 255.255.255.224 
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
!
time-range WorkHours
 periodic weekdays 6:00 to 18:00
!
boot system disk0:/asa804-32-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup management
dns server-group DefaultDNS
 name-server eee.eee.96.1
 name-server eee.eee.96.15
 domain-name email.com
access-list outside_access_in remark TW
access-list outside_access_in extended permit ip host fff.fff.155.236 any time-range WorkHours 
access-list outside_access_in extended deny ip any any 
access-list inside_authentication remark Radius Authentication Rule
access-list inside_authentication extended permit tcp host fff.fff.155.236 any time-range WorkHours 
access-list inside_authentication extended permit udp any host ccc.ccc.231.62 
access-list webvpn-list webtype permit tcp host eee.eee.58.140 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.37 eq https
access-list webvpn-list webtype permit tcp eee.eee.4.64 255.255.255.192 eq lotusnotes
access-list webvpn-list webtype permit tcp eee.eee.4.64 255.255.255.192 eq www
access-list webvpn-list webtype permit tcp host eee.eee.68.59 eq www
access-list webvpn-list webtype permit tcp host eee.eee.4.2 eq www
access-list webvpn-list webtype permit tcp host 199.184.31.50 eq www
access-list webvpn-list webtype permit tcp host 199.184.31.51 eq www
access-list webvpn-list webtype permit tcp host eee.eee.6.2 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.0.44 eq https
access-list webvpn-list webtype permit tcp ccc.ccc.14.112 255.255.255.240 eq www
access-list webvpn-list webtype permit tcp host eee.eee.6.4 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.10 eq www
access-list webvpn-list webtype permit tcp host ddd.ddd.176.8 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.14.107 eq www
access-list webvpn-list webtype permit tcp host ccc.ccc.14.107 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.14.107 range 7008 7009
access-list webvpn-list webtype permit tcp host eee.eee.4.2 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.45 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.121 eq 4001
access-list webvpn-list webtype permit tcp host eee.eee.4.142 eq www
access-list webvpn-list webtype permit tcp host eee.eee.4.142 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.142 range 7008 7009
access-list webvpn-list webtype permit tcp host ccc.ccc.14.17 eq www
access-list webvpn-list webtype permit tcp host ccc.ccc.14.17 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.14.17 range 7008 7009
access-list webvpn-list webtype permit tcp host eee.eee.4.22 eq 9090
access-list webvpn-list webtype permit tcp host eee.eee.4.24 eq 9090
access-list webvpn-list webtype permit tcp host eee.eee.6.5 eq https log default
access-list webvpn-list webtype permit tcp host eee.eee.12.6 eq www log default
access-list webvpn-list webtype permit tcp host eee.eee.4.211 eq https log default
access-list webvpn-list webtype deny tcp any log default
access-list webvpn-list webtype deny url any log default
pager lines 24
logging enable
logging timestamp
logging monitor notifications
logging buffered notifications
logging trap debugging
logging history debugging
logging asdm notifications
logging host inside ccc.ccc.231.8
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-621.bin
asdm history enable
arp timeout 14400
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 ddd.ddd.176.227 1
route inside eee.eee.0.0 255.255.0.0 ccc.ccc.231.62 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Radius protocol radius
 accounting-mode simultaneous
 interim-accounting-update
aaa-server Radius (inside) host eee.eee.4.7
 timeout 30
 key see/rad
aaa-server Radius (inside) host ccc.ccc.14.84
 timeout 30
 key see/rad
aaa authentication match inside_authentication inside Radius
http server enable
http eee.eee.0.0 255.255.0.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
no crypto isakmp nat-traversal
telnet eee.eee.97.26 255.255.255.255 inside
telnet eee.eee.97.136 255.255.255.255 inside
telnet eee.eee.96.3 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server ccc.ccc.231.62 source inside prefer
webvpn
 enable outside
group-policy SSLWEBVPN internal
group-policy SSLWEBVPN attributes
 vpn-tunnel-protocol l2tp-ipsec webvpn
 webvpn
  url-list value Shortcuts
  filter value webvpn-list
  customization value SSLWebLogin
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec 
group-policy DOHWebVPN internal
group-policy DOHWebVPN attributes
 vpn-tunnel-protocol webvpn
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group Radius
 default-group-policy SSLWEBVPN
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group Radius LOCAL
 default-group-policy SSLWEBVPN
tunnel-group SSLWEBVPN type remote-access
tunnel-group SSLWEBVPN general-attributes
 authentication-server-group Radius LOCAL
 default-group-policy SSLWEBVPN
tunnel-group SSLWEBVPN webvpn-attributes
 customization SSLWebLogin
 group-url https://email.email.com enable
 group-url https://email.email.com/go/apple.email.com/mailjump.nsf enable
 group-url https://email.email.com/go/apple.email.com/mailjump2.nsf enable
 group-url https://email.email.com/go/portal.email.com~ssl/https://travel.email.com enable
 group-url https://email.email.com/gp/portal.email.com~ssl enable
 group-url https://email.email.com/latsweb enable
 group-url https://email.email.com/password enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context

Question by:axl13
10 Comments
 
LVL 15

Expert Comment

by:bignewf
ID: 24845222
What version of Firefox? Have you tried upgrading it to the latest version, including the latest Java updates? I use Firefox all the time with webvpn without issues.
Could you post some errors from the event logs when this happens?
0
 

Author Comment

by:axl13
ID: 24849499
I am running version 3.5... I believe this is the latest version... When I do get a pop message box stating to enable JAVA, but that option is already checked...
0
 

Author Comment

by:axl13
ID: 24849506
not sure where the event log is???
0

 
LVL 15

Expert Comment

by:bignewf
ID: 24849589
windows event log- right-click on my computer>manage>event viewer>application

also enable logging in the pix/asa
in the asdm gui go to logging>enable logging>enable logging for webvpn.
post the output
0
 

Author Comment

by:axl13
ID: 24849848
Here is the logs for the asa:

Jul 14 10:23:08 192.168.231.55 Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:24.97.155.236/1838 to identity:192.135.176.53/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 xx.xx.231.55 Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:xx.xx.155.236/1838 to identity:xx.xx.176.53/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 xx.xx.231.55 Jul 14 2009 10:23:08: %ASA-6-725007: SSL session with client outside:xx.xx.155.236/1838 terminated.
Jul 14 10:23:08 xx.xx.231.55 Jul 14 2009 10:23:08: %ASA-6-725007: SSL session with client outside:xx.xx.155.236/1838 terminated.
0
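Added example, not part of the thread: a small parser for the two message types in the output above. It pairs each %ASA-6-302014 teardown with the %ASA-6-725007 SSL session end for the same client socket and reports which side sent the reset (Reset-O means the RST came from the outside, here the browser's side). The sample lines are constructed with documentation addresses, and the function and field names are this example's own.

```python
import re

# Constructed sample in the format of the lines posted above; addresses are
# documentation ranges and the second connection is invented for contrast.
SAMPLE = """\
Jul 14 10:23:08 fw Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:198.51.100.7/1838 to identity:203.0.113.10/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 fw Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:198.51.100.7/1838 to identity:203.0.113.10/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 fw Jul 14 2009 10:23:08: %ASA-6-725007: SSL session with client outside:198.51.100.7/1838 terminated.
Jul 14 10:24:40 fw Jul 14 2009 10:24:40: %ASA-6-302014: Teardown TCP connection 30980 for outside:198.51.100.9/2210 to identity:203.0.113.10/443 duration 0:01:32 bytes 48211 TCP FINs
Jul 14 10:24:40 fw Jul 14 2009 10:24:40: %ASA-6-725007: SSL session with client outside:198.51.100.9/2210 terminated.
"""

TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"\S+?:(?P<client>[^/\s]+/\d+) to \S+?:(?P<server>[^/\s]+/\d+) "
    r"duration (?P<duration>\S+) bytes (?P<bytes>\d+) (?P<reason>.+)")
SSL_END = re.compile(
    r"%ASA-6-725007: SSL session with client \S+?:(?P<client>[^/\s]+/\d+) terminated")
# Reset-O / Reset-I name the side of the ASA that sent the TCP RST.
RESET_SIDE = {"TCP Reset-O": "outside", "TCP Reset-I": "inside"}


def triage(log_text):
    """Return one finding per connection id: who reset it, and whether the
    matching SSL session end (725007) was logged for the same client socket."""
    ssl_ended, by_conn = set(), {}
    for line in log_text.splitlines():
        line = line.strip()
        if (m := SSL_END.search(line)):
            ssl_ended.add(m["client"])
        elif (m := TEARDOWN.search(line)):
            by_conn.setdefault(m["conn"], m.groupdict())  # drop duplicate syslog copies
    findings = []
    for rec in by_conn.values():
        rec["bytes"] = int(rec["bytes"])
        rec["reset_from"] = RESET_SIDE.get(rec["reason"])  # None = normal close
        rec["ssl_session_ended"] = rec["client"] in ssl_ended
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["conn"], f["client"], f["duration"], f["reason"],
              "reset from", f["reset_from"], "ssl ended:", f["ssl_session_ended"])
```

A short-lived connection to port 443 that ends with a reset from the outside, as in the first sample connection, points at the client rather than at an ACL or policy drop on the ASA.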
 

Author Comment

by:axl13
ID: 24849863
I think this has something to do with the smart tunneling... The bookmarks all have smart tunneling enabled, but the address bar does not.... And when I use the address bar, it works....
0
 

Author Comment

by:axl13
ID: 24851146
Looks like smart tunneling only works for Firefox 1.X... Is there a workaround...
0
 
LVL 15

Accepted Solution

by:
bignewf earned 500 total points
ID: 24852701
Depending on how your webvpn is configured, smart tunneling is a separate option. You can configure links in webvpn to work directly from the browser by publishing website links linked to webvpn tunnel groups. A user would not need smart tunneling, and would only have to click on the bookmark. This works fine with Firefox, even works with Firefox on Linux distros. Smart tunneling is more useful for RDP access without having to configure port forwarding.

I have smart tunnel working with Firefox 3.011 with no issues on both Vista and Win XP, so it sounds like it is a browser issue. Have you tried different Firefox versions (1.X) on the PCs you are testing? I recommend updating to version 3.0
0
 

Author Comment

by:axl13
ID: 24858829
I was able to get Firefox to work before your post... I installed 1.0 and then 2.0, then I reinstalled 3.5 and it worked... As for the smart tunneling, I needed to do this so that when a user clicks on a bookmark, a new window would open up... That is the way our security dept wants to do it... Unless there is another way to pop up the window???
0
 

Author Closing Comment

by:axl13
ID: 31602827
I will give you credit for the answer... I had to reinstall Firefox 3.5 and it started working... Thanks
0

Question has a verified solution.
