Solved

Accessing Sharepoint 2010 Site Remotely using Cisco ASA Clientless VPN

Posted on 2010-08-31
Last Modified: 2012-05-10
We have a Cisco ASA 5520 running IOS 8.2(1), which is set up for clientless VPN (WebVPN) for external access to a few Sharepoint sites.  We were using Sharepoint 2007 previously, and we didn't have any issues.  Now that we have upgraded our Sharepoint infrastructure to 2010, the sites won't load through clientless SSL VPN.  When I click on the link in the Bookmarks for SSL VPN, all I get is "Page Could Not Be Displayed".  The Sharepoint 2010 sites work fine inside, and externally when connected with the AnyConnect client.  The Sharepoint 2007 sites still load through clientless VPN, as do any of the other websites we host internally, except for Sharepoint 2010.  I do not get any notifications via the syslog when the Sharepoint site doesn't load.

Anyone run into this problem and find a solution?  Cisco.com lists some incompatibilities with Sharepoint 2010, so perhaps this just doesn't work at all at the current time?  Would like to know for sure though.  Thanks in advance for any assistance.
Question by:hachemp
2 Comments
 
Expert Comment

by:Zupreme
ID: 33571115
Please follow the following steps:

1) Identify the Hostname and the IP address of your SharePoint server.
2) Connect to the WebVPN and try connecting to SharePoint via IP address (i.e. http://192.168.x.x/default.aspx)
3a) If step 2 was successful, log into your ASA and configure the DNS settings for WebVPN, and ensure that you have an Access list that will allow DNS traffic
3b) If step 2 was unsuccessful, log into your ASA and ensure that you have an Access list that will allow HTTP/HTTPS, and ICMP between your WebVPN clients and your internal network.  Also disable NAT translation between the two networks.

Accepted Solution

by:
hachemp earned 0 total points
ID: 33572091
Thanks Zupreme, I attempted to try what you suggested, however, Sharepoint uses host headers, so even inside the network, the Sharepoint site will not load by IP address...it needs the full DNS entry.  I have not specifically added any settings for DNS for Clientless connections, but all other DNS resolves through the Clientless VPN, so I wouldn't think it was a problem with DNS, except....

I actually got it to work by enabling the Smart Tunnel option on that particular bookmark, but here's the catch: our internal DNS doesn't seem to work with Smart Tunneling.  The bookmarks that worked fine when not smart tunnelled, now are using external (internet) DNS once the smart tunnel option is enabled.  This is a problem as we don't actually own the external domain name corresponding with our internal domain name (sucks).  So to get it to work, our Sharepoint admin set up the Sharepoint site to be accessed by a port number, so my bookmark was (for example): 10.1.1.2:32784.  This works to get me to the Sharepoint site home page, but since Sharepoint wants host headers, a lot of the content on the page would not load correctly.

So now I'm trying to figure out why our internal DNS stops functioning once the bookmarks are configured with the Smart Tunnel option.  Any ideas?  Thanks again, I really appreciate the help on this.
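
Added example, not part of the original thread: a Python probe that separates the two causes discussed above (no network path to the server versus a host-header binding that rejects by-IP requests) by requesting the server by IP with and without the site's name in the Host header. The site name, the local stand-in server and all function names are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SITE_NAME = "sharepoint.corp.example"  # constructed host-header name

class HostHeaderSite(BaseHTTPRequestHandler):
    """Constructed stand-in for a web site bound to a single host header."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        ok = host == SITE_NAME
        body = b"home page" if ok else b"no site bound to this host name"
        self.send_response(200 if ok else 400)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # keep the demo quiet

def probe(ip, port, host_header=None, timeout=5):
    """GET / from ip:port; return the HTTP status, or None if unreachable."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        # Without host_header, http.client sends "Host: <ip>:<port>" itself.
        conn.putrequest("GET", "/", skip_host=host_header is not None)
        if host_header is not None:
            conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def diagnose(ip, port, site_name):
    by_ip, by_name = probe(ip, port), probe(ip, port, site_name)
    if by_ip is None and by_name is None:
        return "unreachable: check ACLs, NAT and routing to the server"
    if by_name == 200 and by_ip != 200:
        return "host-header binding: path works, the site needs its name"
    return f"by IP: {by_ip}, by name: {by_name}"

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), HostHeaderSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return diagnose("127.0.0.1", server.server_port, SITE_NAME)
    finally:
        server.shutdown()
        server.server_close()
```

Pointed at a real server's IP and port from an inside host, `diagnose` shows whether a by-IP bookmark can work at all or whether the name has to reach the server in the Host header.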
Question has a verified solution.
