  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 467

Cisco WebAuth appears to be blocking Skype application

Hi Guys
I have a straightforward implementation of Cisco WebAuth on a pilot site.  WebAuth for normal browsing seems to be working fine and the 2 concurrent session limit we have set works equally well.  However, when we try to use Skype it cannot log in.  There are no ACLs that are blocking and I cannot put my finger on the issue.  Any ideas?
Cheers!
Asked: OIWA
1 Solution
 
avcontrol Commented:
This is the most common symptom. But you have to be a bit more precise. Either the user is not redirected (i.e. he types a URL and never ends up going to the webauth page), or the user is redirected to 1.1.1.1 correctly but the page itself does not appear.
For the first situation, check that a valid DNS server has been assigned to the client via DHCP ("ipconfig /all"), check that the DNS is reachable from the client ("nslookup www.google.com"), check that the user entered a valid URL in order to be redirected, and check also that the user was going to an HTTP URL on port 80 (for example, reaching an ACS with http://localhost:2002 will not get you redirected since you are sending on port 2002 instead of 80).
 
For the second situation, it is most likely either a WLC problem (bug) or a client-side problem. It could be that the client has some firewall or blocking software or policy. It could be that they have configured a proxy in their web browser …
 
Important thing here. It might be a good idea to take a sniffer trace on the client PC. No need for special wireless software, a simple Wireshark run on the wireless adapter will show you if at least the WLC is replying and trying to redirect. You have two possibilities: either the WLC is not replying, or the SSL handshake for the webauth page is going wrong. For the second, you can check if the user's browser allows for SSLv3 (some only do SSLv2) and if it could be too aggressive on certificate verification.
 
It is a common step to try to manually type http://1.1.1.1 to check if the webpage appears without worrying about DNS. Actually, you could type http://6.6.6.6 and get the same effect. Any IP address you ask for will be redirected by the WLC. So typing http://1.1.1.1 will actually not make you work around the web redirection. Typing httpS://1.1.1.1 will not work because WLC can redirect based on HTTPS traffic. Typing https://1.1.1.1/login.html IS actually the way to get the page directly without doing any redirection.
 
OIWA (Author) Commented:
Hi
WebAuth function and redirection is working fine, no problems there.  The user when authenticated is redirected to www.google.co.uk, which is also working fine. Once logged in using WebAuth I can browse the Internet without any issues whatsoever, no problems with anything in the normal browser.

As soon as I open Skype and try to log in it just sits there, it cannot authenticate at all.  I have tried the exact same machine on another Wireless LAN with WebAuth function and it works fine, no problem.  Back to Web Auth and Skype fails.  I have just taken a Wireshark Cap and will investigate.
Cheers!
 
OIWA (Author) Commented:
Sorry for the delay in updates.

As it turned out it wasn't an issue with the WLC or Web Auth at all, rather our Firewall.  We had configured a new NAT pool for the Guest Network and whilst HTTP traffic was being returned to us correctly, HTTPS traffic was not, due to a routing issue with our ISP.  One of the many pitfalls we have come across with this particular provider.
 
OIWA (Author) Commented:
Issue was resolved from packet captures we took as part of our troubleshooting process already ongoing.  The TCP sequence not completing for https [443] was a key indicator and led us to troubleshoot the connectivity with the ISP.
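
The indicator described in the last post (TCP handshakes completing for HTTP but not for HTTPS), as an added example that is not part of the original thread: a small Python check that summarises a client-side capture per server port. The row format, the function name `handshake_report` and the sample addresses (documentation ranges) are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample of a client-side capture, one packet per row:
# "src,sport,dst,dport,flags" with S=SYN, SA=SYN-ACK, A=ACK.
SAMPLE = """\
192.0.2.10,50001,198.51.100.5,80,S
198.51.100.5,80,192.0.2.10,50001,SA
192.0.2.10,50001,198.51.100.5,80,A
192.0.2.10,50002,198.51.100.7,443,S
192.0.2.10,50002,198.51.100.7,443,S
192.0.2.10,50002,198.51.100.7,443,S
192.0.2.10,50003,198.51.100.8,443,S
192.0.2.10,50003,198.51.100.8,443,S
"""

def handshake_report(rows, client):
    """Per server port, count flows whose three-way handshake completed
    and flows where the client's SYN never received a SYN-ACK."""
    flows = {}  # (client_port, server_ip, server_port) -> handshake state
    for line in rows.strip().splitlines():
        src, sport, dst, dport, flags = line.strip().split(",")
        if src == client:
            key = (int(sport), dst, int(dport))
        elif dst == client:
            key = (int(dport), src, int(sport))
        else:
            continue  # traffic that does not involve the client
        st = flows.setdefault(key, {"syn": 0, "synack": False, "ack": False})
        if src == client and flags == "S":
            st["syn"] += 1            # first SYN or a retransmission
        elif dst == client and flags == "SA":
            st["synack"] = True       # server side answered
        elif src == client and flags == "A" and st["synack"]:
            st["ack"] = True          # handshake finished
    report = defaultdict(
        lambda: {"completed": 0, "no_synack": 0, "syn_retries": 0})
    for (_, _, port), st in flows.items():
        if st["syn"] == 0:
            continue  # capture started mid-flow; handshake not visible
        if st["synack"] and st["ack"]:
            report[port]["completed"] += 1
        elif not st["synack"]:
            report[port]["no_synack"] += 1
            report[port]["syn_retries"] += st["syn"] - 1
    return dict(report)

if __name__ == "__main__":
    for port, stats in sorted(handshake_report(SAMPLE, "192.0.2.10").items()):
        print(port, stats)
```

A port that shows only unanswered, retransmitted SYNs while another port completes normally points at the return path (firewall, NAT or upstream routing) rather than at the WLC or the WebAuth page.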