  • Status: Solved

Accessing SharePoint 2010 Site Remotely using Cisco ASA Clientless VPN

We have a Cisco ASA 5520 running IOS 8.2(1), which is set up for clientless VPN (WebVPN) for external access to a few SharePoint sites. We were using SharePoint 2007 previously, and we didn't have any issues. Now that we have upgraded our SharePoint infrastructure to 2010, the sites won't load through clientless SSL VPN. When I click on the link in the Bookmarks for SSL VPN, all I get is "Page Could Not Be Displayed". The SharePoint 2010 sites work fine inside, and externally when connected with the AnyConnect client. The SharePoint 2007 sites still load through clientless VPN, as do any of the other websites we host internally, except for SharePoint 2010. I do not get any notifications via the syslog when the SharePoint site doesn't load.

Anyone run into this problem and find a solution? Cisco.com lists some incompatibilities with SharePoint 2010, so perhaps this just doesn't work at all at the current time? Would like to know for sure though. Thanks in advance for any assistance.
Asked by: hachemp

Zupreme Commented:
Please follow the following steps:

1) Identify the Hostname and the IP address of your SharePoint server.
2) Connect to the WebVPN and try connecting to SharePoint via IP address (i.e. http://192.168.x.x/default.aspx)
3a) If step 2 was successful, log into your ASA and configure the DNS settings for WebVPN, and ensure that you have an Access list that will allow DNS traffic
3b) If step 2 was unsuccessful, log into your ASA and ensure that you have an Access list that will allow HTTP/HTTPS, and ICMP between your WebVPN clients and your internal network.  Also disable NAT translation between the two networks.

hachemp (Author) Commented:
Thanks Zupreme, I attempted to try what you suggested; however, SharePoint uses host headers, so even inside the network, the SharePoint site will not load by IP address...it needs the full DNS entry. I have not specifically added any settings for DNS for Clientless connections, but all other DNS resolves through the Clientless VPN, so I wouldn't think it was a problem with DNS, except....

I actually got it to work by enabling the Smart Tunnel option on that particular bookmark, but here's the catch: our internal DNS doesn't seem to work with Smart Tunneling. The bookmarks that worked fine when not smart tunnelled are now using external (internet) DNS once the smart tunnel option is enabled. This is a problem as we don't actually own the external domain name corresponding with our internal domain name (sucks). So to get it to work, our SharePoint admin set up the SharePoint site to be accessed by a port number, so my bookmark was (for example): 10.1.1.2:32784. This works to get me to the SharePoint site home page, but since SharePoint wants host headers, a lot of the content on the page would not load correctly.

So now I'm trying to figure out why our internal DNS stops functioning once the bookmarks are configured with the Smart Tunnel option.  Any ideas?  Thanks again, I really appreciate the help on this.