?
Solved

Cisco ASA SSL VPN produces 2 webpages

Posted on 2009-12-17
4
Medium Priority
?
382 Views
Last Modified: 2012-05-08
We have our ASA using the Anyconnect VPN and it seems to be working fine. If you navigate to the IP address of our ASA's Outside interface, we get the correct login screen. It asks for the Username, Password and to choose a Group. I have it setup to use our Radius server for authentication. I can type in my Active Directory credentials and it logs me in and checks for the Anyconnect client on my PC.

We moved forward with registering a FQDN for this EXACT same IP address, but when we try and user this FQDN, the ASA brings up a different webpage. This webpage only has a Username and Password field. There is no option to select a VPN Group. If I try and use my AD credentials, it fails authentication.

I confirmed that the FQDN is using the correct IP by pinging it.

Has anyone seen this before?
0
Comment
Question by:CoKzoo
  • 2
3 Comments
 
LVL 7

Expert Comment

by:geergon
ID: 26077239

OK lets do this:

Connect using the IP and the FQDN:

And check the the status of the connection:
show vpn-sessiondb svc
(the idea is to check the group-policy and the tunnel-group selected)

is the name of the ASA as the FQDN?

Also try to do this:
"revert webvpn all"


0
 

Accepted Solution

by:
CoKzoo earned 0 total points
ID: 26080096
Actually I found the problem.  A colleage of mine attempted the WebVPN setup several months ago.  We had several internal websites that offsite users needed to get to.  He thought that when he created the Clientless SSL VPN Connection Profile for these users, he was supposed to enter in our VPN FQDN for this site in the "Group URLs" portion of the profile.  I stummpled across this and though..."That shouldn't be listed there.", so I removed it.  Once I did that, I was able to navigate to the same VPN page, regardless if I used the IP or FQDN.  

Weird that the ASA would redirect it's outside interface to that page just because it was located in a Connection Profile.

Thanks for the response back.
0
 

Author Comment

by:CoKzoo
ID: 33300823
Resolved my own issue.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month17 days, 11 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question