Solved

Mozilla Firefox does not work on Cisco WebVPN

Posted on 2009-07-13
Last Modified: 2012-05-07
IE works great, but when I test with Firefox, the bookmarked pages do not work. The page starts to open but does not complete.
domain-name asa.com
enable password  encrypted
passwd  encrypted
names
!
interface GigabitEthernet0/0
 description Inside Interface
 nameif inside
 security-level 100
 ip address ccc.ccc.231.55 255.255.255.0 
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 description Outside interface
 nameif outside
 security-level 0
 ip address ddd.ddd.176.53 255.255.255.224 
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
!
time-range WorkHours
 periodic weekdays 6:00 to 18:00
!
boot system disk0:/asa804-32-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup management
dns server-group DefaultDNS
 name-server eee.eee.96.1
 name-server eee.eee.96.15
 domain-name email.com
access-list outside_access_in remark TW
access-list outside_access_in extended permit ip host fff.fff.155.236 any time-range WorkHours 
access-list outside_access_in extended deny ip any any 
access-list inside_authentication remark Radius Authentication Rule
access-list inside_authentication extended permit tcp host fff.fff.155.236 any time-range WorkHours 
access-list inside_authentication extended permit udp any host ccc.ccc.231.62 
access-list webvpn-list webtype permit tcp host eee.eee.58.140 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.37 eq https
access-list webvpn-list webtype permit tcp eee.eee.4.64 255.255.255.192 eq lotusnotes
access-list webvpn-list webtype permit tcp eee.eee.4.64 255.255.255.192 eq www
access-list webvpn-list webtype permit tcp host eee.eee.68.59 eq www
access-list webvpn-list webtype permit tcp host eee.eee.4.2 eq www
access-list webvpn-list webtype permit tcp host 199.184.31.50 eq www
access-list webvpn-list webtype permit tcp host 199.184.31.51 eq www
access-list webvpn-list webtype permit tcp host eee.eee.6.2 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.0.44 eq https
access-list webvpn-list webtype permit tcp ccc.ccc.14.112 255.255.255.240 eq www
access-list webvpn-list webtype permit tcp host eee.eee.6.4 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.10 eq www
access-list webvpn-list webtype permit tcp host ddd.ddd.176.8 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.14.107 eq www
access-list webvpn-list webtype permit tcp host ccc.ccc.14.107 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.14.107 range 7008 7009
access-list webvpn-list webtype permit tcp host eee.eee.4.2 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.45 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.121 eq 4001
access-list webvpn-list webtype permit tcp host eee.eee.4.142 eq www
access-list webvpn-list webtype permit tcp host eee.eee.4.142 eq https
access-list webvpn-list webtype permit tcp host eee.eee.4.142 range 7008 7009
access-list webvpn-list webtype permit tcp host ccc.ccc.14.17 eq www
access-list webvpn-list webtype permit tcp host ccc.ccc.14.17 eq https
access-list webvpn-list webtype permit tcp host ccc.ccc.14.17 range 7008 7009
access-list webvpn-list webtype permit tcp host eee.eee.4.22 eq 9090
access-list webvpn-list webtype permit tcp host eee.eee.4.24 eq 9090
access-list webvpn-list webtype permit tcp host eee.eee.6.5 eq https log default
access-list webvpn-list webtype permit tcp host eee.eee.12.6 eq www log default
access-list webvpn-list webtype permit tcp host eee.eee.4.211 eq https log default
access-list webvpn-list webtype deny tcp any log default
access-list webvpn-list webtype deny url any log default
pager lines 24
logging enable
logging timestamp
logging monitor notifications
logging buffered notifications
logging trap debugging
logging history debugging
logging asdm notifications
logging host inside ccc.ccc.231.8
mtu inside 1500
mtu outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-621.bin
asdm history enable
arp timeout 14400
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 ddd.ddd.176.227 1
route inside eee.eee.0.0 255.255.0.0 ccc.ccc.231.62 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Radius protocol radius
 accounting-mode simultaneous
 interim-accounting-update
aaa-server Radius (inside) host eee.eee.4.7
 timeout 30
 key see/rad
aaa-server Radius (inside) host ccc.ccc.14.84
 timeout 30
 key see/rad
aaa authentication match inside_authentication inside Radius
http server enable
http eee.eee.0.0 255.255.0.0 inside
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
no crypto isakmp nat-traversal
telnet eee.eee.97.26 255.255.255.255 inside
telnet eee.eee.97.136 255.255.255.255 inside
telnet eee.eee.96.3 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server ccc.ccc.231.62 source inside prefer
webvpn
 enable outside
group-policy SSLWEBVPN internal
group-policy SSLWEBVPN attributes
 vpn-tunnel-protocol l2tp-ipsec webvpn
 webvpn
  url-list value Shortcuts
  filter value webvpn-list
  customization value SSLWebLogin
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec 
group-policy DOHWebVPN internal
group-policy DOHWebVPN attributes
 vpn-tunnel-protocol webvpn
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group Radius
 default-group-policy SSLWEBVPN
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group Radius LOCAL
 default-group-policy SSLWEBVPN
tunnel-group SSLWEBVPN type remote-access
tunnel-group SSLWEBVPN general-attributes
 authentication-server-group Radius LOCAL
 default-group-policy SSLWEBVPN
tunnel-group SSLWEBVPN webvpn-attributes
 customization SSLWebLogin
 group-url https://email.email.com enable
 group-url https://email.email.com/go/apple.email.com/mailjump.nsf enable
 group-url https://email.email.com/go/apple.email.com/mailjump2.nsf enable
 group-url https://email.email.com/go/portal.email.com~ssl/https://travel.email.com enable
 group-url https://email.email.com/gp/portal.email.com~ssl enable
 group-url https://email.email.com/latsweb enable
 group-url https://email.email.com/password enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context

Question by:axl13
10 Comments
 
LVL 15

Expert Comment

by:bignewf
ID: 24845222
What version of Firefox? Have you tried upgrading it to the latest version, including the latest Java updates? I use Firefox all the time with WebVPN without issues.
Could you post some errors from the event logs when this happens?
0
 

Author Comment

by:axl13
ID: 24849499
I am running version 3.5... I believe this is the latest version... I do get a pop-up message box stating to enable Java, but that option is already checked...
0
 

Author Comment

by:axl13
ID: 24849506
Not sure where the event log is?
0
 
LVL 15

Expert Comment

by:bignewf
ID: 24849589
Windows event log: right-click on My Computer > Manage > Event Viewer > Application

Also enable logging in the PIX/ASA.
In the ASDM GUI go to Logging > Enable Logging > enable logging for WebVPN.
Post the output.
0
 

Author Comment

by:axl13
ID: 24849848
Here are the logs for the ASA:

Jul 14 10:23:08 192.168.231.55 Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:24.97.155.236/1838 to identity:192.135.176.53/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 xx.xx.231.55 Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:xx.xx.155.236/1838 to identity:xx.xx.176.53/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 10:23:08 xx.xx.231.55 Jul 14 2009 10:23:08: %ASA-6-725007: SSL session with client outside:xx.xx.155.236/1838 terminated.
Jul 14 10:23:08 xx.xx.231.55 Jul 14 2009 10:23:08: %ASA-6-725007: SSL session with client outside:xx.xx.155.236/1838 terminated.
0
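
Added example, not part of the thread: a small Python triage script for the two syslog message types posted above (302014 and 725007). It pairs each SSL session termination with the TCP teardown of the same client socket and flags teardowns whose reason is `TCP Reset-O`, which Cisco's syslog reference describes as a reset from the outside. The log lines are constructed with documentation-range addresses, and the function and field names are this example's own.

```python
import re

# Constructed sample lines in the same shape as the ASA output above
# (documentation-range addresses, not values from the thread).
SAMPLE = """\
Jul 14 2009 10:23:08: %ASA-6-302014: Teardown TCP connection 30975 for outside:203.0.113.236/1838 to identity:198.51.100.53/443 duration 0:00:10 bytes 15350 TCP Reset-O
Jul 14 2009 10:23:08: %ASA-6-725007: SSL session with client outside:203.0.113.236/1838 terminated.
Jul 14 2009 10:24:41: %ASA-6-302014: Teardown TCP connection 30990 for outside:203.0.113.236/1851 to identity:198.51.100.53/443 duration 0:00:31 bytes 48211 TCP FINs
Jul 14 2009 10:24:41: %ASA-6-725007: SSL session with client outside:203.0.113.236/1851 terminated.
"""

TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>[\d:]+) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$"
)
SSL_END = re.compile(
    r"%ASA-6-725007: SSL session with client "
    r"(?P<ifc>[\w-]+):(?P<ip>[\d.]+)/(?P<port>\d+) terminated"
)

def correlate(lines):
    """Pair SSL terminations with the TCP teardown of the same client socket."""
    ssl_closed, teardowns = set(), []
    for line in lines:
        if m := SSL_END.search(line):
            ssl_closed.add((m["ip"], int(m["port"])))
        elif m := TEARDOWN.search(line.rstrip()):
            teardowns.append(m.groupdict())
    results = []
    for t in teardowns:
        results.append({
            "client": f"{t['src']}:{t['sport']}",
            "reason": t["reason"] or "",
            "bytes": int(t["bytes"]),
            "ssl_session": (t["src"], int(t["sport"])) in ssl_closed,
            # Reset-O on a connection whose source is the outside interface:
            # the reset came from the client side, not from the ASA.
            "reset_from_client": t["reason"] == "TCP Reset-O"
                                 and t["src_if"] == "outside",
        })
    return results

if __name__ == "__main__":
    for row in correlate(SAMPLE.splitlines()):
        print(row)
```

A run of WebVPN sessions that end in `TCP Reset-O` after only a few seconds points at the browser dropping the connection, which is where to look before changing the ASA policy.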
 

Author Comment

by:axl13
ID: 24849863
I think this has something to do with the smart tunneling... The bookmarks all have smart tunneling enabled, but the address bar does not... And when I use the address bar, it works...
0
 

Author Comment

by:axl13
ID: 24851146
Looks like smart tunneling only works for Firefox 1.X... Is there a workaround?
0
 
LVL 15

Accepted Solution

by:
bignewf earned 500 total points
ID: 24852701
Depending on how your WebVPN is configured, smart tunneling is a separate option. You can configure links in WebVPN to work directly from the browser by publishing website links linked to WebVPN tunnel groups. A user would not need smart tunneling, and would only have to click on the bookmark. This works fine with Firefox, and even works with Firefox on Linux distros. Smart tunneling is more useful for RDP access without having to configure port forwarding.

I have smart tunnel working with Firefox 3.011 with no issues on both Vista and Windows XP, so it sounds like it is a browser issue. Have you tried different Firefox versions .1.X on the PCs you are testing? I recommend updating to version 3.0.
0
 

Author Comment

by:axl13
ID: 24858829
I was able to get Firefox to work before your post... I installed 1.0 and then 2.0, then I reinstalled 3.5 and it worked... As for the smart tunneling, I needed to do this so that when a user clicks on a bookmark, a new window would open up... That is the way our security dept wants to do it... Unless there is another way to pop up the window?
0
 

Author Closing Comment

by:axl13
ID: 31602827
I will give you credit for the answer... I had to reinstall Firefox 3.5 and it started working... Thanks
0
