Solved

Accessing Sharepoint 2010 Site Remotely using Cisco ASA Clientless VPN

Posted on 2010-08-31
2
4,809 Views
Last Modified: 2012-05-10
We have a Cisco ASA 5520 running IOS 8.2(1), which is set up for clientless VPN (WebVPN) for external access to a few Sharepoint sites.  We were using Sharepoint 2007 previously, and we didn't have any issues.  Now that we have upgraded our Sharepoint infrastructure to 2010, the sites won't load through clientless SSL VPN.  When I click on the link in the Bookmarks for SSL VPN, all I get is 'Page Could Not Be Displayed".  The Sharepoint 2010 sites work fine inside, and externally when connected with the AnyConnect client.  The Sharepoint 2007 sites still load through clientless VPN, as do any of the other websites we host internally, except for Sharepoint 2010.  I do not get any notifications via the syslog when the Sharepoint site doesn't load.

Anyone run into this problem and find a solution?  Cisco.com lists some incompatibilities with Sharepoint 2010, so perhaps this just doesn't work at all at current time?  Would like to know for sure though.  Thanks in advance for any assistance.
0
Comment
Question by:hachemp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Expert Comment

by:Zupreme
ID: 33571115
Please follow the following steps:

1) Identify the Hostname and the IP address of your SharePoint server.
2) Connect to the WebVPN and try connecting to SharePoint via IP address (i.e. http://192.168.x.x/default.aspx)
3a) If step 2 was successful, log into your ASA and configure the DNS settings for WebVPN, and ensure that you have an Access list that will allow DNS traffic
3b) If step 2 was unsuccessful, log into your ASA and ensure that you have an Access list that will allow HTTP/HTTPS, and ICMP between your WebVPN clients and your internal network.  Also disable NAT translation between the two networks.
0
 

Accepted Solution

by:
hachemp earned 0 total points
ID: 33572091
Thanks Zupreme, I attempted to try what you suggested, however, Sharepoint uses host headers, so even inside the network, the Sharepoint site will not load by IP address...it needs the full DNS entry.  I have not specifically added any settings for DNS for Clientless connections, but all other DNS resolves through the Clientless VPN, so I wouldn't think it was a problem with DNS, except....

I actually got it to work by enabling the Smart Tunnel option on that particular bookmark, but here's the catch: our internal DNS doesn't seem to work with Smart Tunneling.  The bookmarks that worked fine when not smart tunnelled, now are using external (internet) DNS once the smart tunnel option is enabled.  This is a problem as we don't actually own the external domain name corresponding with our internal domain name (sucks).  So to get it to work, our Sharepoint admin set up the Sharepoint site to be accessed by a port number, so my bookmark was (for example): 10.1.1.2:32784.  This works to get me to the Sharepoint site home page, but since Sharepoint wants host headers, a lot of the content on the page would not load correctly.

So now I'm trying to figure out why our internal DNS stops functioning once the bookmarks are configured with the Smart Tunnel option.  Any ideas?  Thanks again, I really appreciate the help on this.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In case you ever have to remove a faulty web part from a page , add the following to the end of the page url ?contents=1
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question