Solved

Accessing Sharepoint 2010 Site Remotely using Cisco ASA Clientless VPN

Posted on 2010-08-31
2
4,738 Views
Last Modified: 2012-05-10
We have a Cisco ASA 5520 running IOS 8.2(1), which is set up for clientless VPN (WebVPN) for external access to a few Sharepoint sites.  We were using Sharepoint 2007 previously, and we didn't have any issues.  Now that we have upgraded our Sharepoint infrastructure to 2010, the sites won't load through clientless SSL VPN.  When I click on the link in the Bookmarks for SSL VPN, all I get is 'Page Could Not Be Displayed".  The Sharepoint 2010 sites work fine inside, and externally when connected with the AnyConnect client.  The Sharepoint 2007 sites still load through clientless VPN, as do any of the other websites we host internally, except for Sharepoint 2010.  I do not get any notifications via the syslog when the Sharepoint site doesn't load.

Anyone run into this problem and find a solution?  Cisco.com lists some incompatibilities with Sharepoint 2010, so perhaps this just doesn't work at all at current time?  Would like to know for sure though.  Thanks in advance for any assistance.
0
Comment
Question by:hachemp
2 Comments
 
LVL 4

Expert Comment

by:Zupreme
ID: 33571115
Please follow the following steps:

1) Identify the Hostname and the IP address of your SharePoint server.
2) Connect to the WebVPN and try connecting to SharePoint via IP address (i.e. http://192.168.x.x/default.aspx)
3a) If step 2 was successful, log into your ASA and configure the DNS settings for WebVPN, and ensure that you have an Access list that will allow DNS traffic
3b) If step 2 was unsuccessful, log into your ASA and ensure that you have an Access list that will allow HTTP/HTTPS, and ICMP between your WebVPN clients and your internal network.  Also disable NAT translation between the two networks.
0
 

Accepted Solution

by:
hachemp earned 0 total points
ID: 33572091
Thanks Zupreme, I attempted to try what you suggested, however, Sharepoint uses host headers, so even inside the network, the Sharepoint site will not load by IP address...it needs the full DNS entry.  I have not specifically added any settings for DNS for Clientless connections, but all other DNS resolves through the Clientless VPN, so I wouldn't think it was a problem with DNS, except....

I actually got it to work by enabling the Smart Tunnel option on that particular bookmark, but here's the catch: our internal DNS doesn't seem to work with Smart Tunneling.  The bookmarks that worked fine when not smart tunnelled, now are using external (internet) DNS once the smart tunnel option is enabled.  This is a problem as we don't actually own the external domain name corresponding with our internal domain name (sucks).  So to get it to work, our Sharepoint admin set up the Sharepoint site to be accessed by a port number, so my bookmark was (for example): 10.1.1.2:32784.  This works to get me to the Sharepoint site home page, but since Sharepoint wants host headers, a lot of the content on the page would not load correctly.

So now I'm trying to figure out why our internal DNS stops functioning once the bookmarks are configured with the Smart Tunnel option.  Any ideas?  Thanks again, I really appreciate the help on this.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question