Solved

Cisco Clientless VPN and Java

Posted on 2014-01-02
2
1,123 Views
Last Modified: 2014-01-13
Hello all,

I am turning a clientless VPN and ran into an issue.  I am able to get to the encripted web page and log in, but unable to launch a program that uses Java (jar files). When launched it just stays at "downloading application".    

I added javaw.exe to the smart tunnel application list, but it still does not launch.


Thank you
0
Comment
Question by:thecookman
2 Comments
 
LVL 35

Expert Comment

by:girionis
ID: 39753224
I guess you're talking about a Java applet. What does the Java console say? Have you also looked at the operating system logs?
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39753689
You may want to check out this

http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/vpn_web.html#wp1077336

If JRE 1.4.x is running and the user authenticates with a digital certificate, the application fails to start because JRE cannot access the web browser certificate store.

Because port forwarding requires downloading the Java applet and configuring the local client, and because doing so requires administrator permissions on the local system, it is unlikely that users will be able to use applications when they connect from public remote systems.

Neither port forwarding nor the ASDM Java applet work with user authentication using digital certificates. Java does not have the ability to access the web browser keystore. Therefore Java cannot use certificates that the browser uses to authenticate users, and the application cannot start.

http://www.cisco.com/en/US/docs/security/asdm/6_2/user/guide/vpn_web.html#wp1121595

General Requirements and Limitations
•Smart tunnel auto sign-on supports only Microsoft Internet Explorer on Windows.
•The browser must be enabled with Java, Microsoft ActiveX, or both.
•Smart tunnel supports only proxies placed between computers running Microsoft Windows and the security appliance. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows). If the remote computer requires a proxy server to reach the security appliance, the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services. If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy.

Windows Requirements and Limitations
•Users of Microsoft Windows Vista who use smart tunnel or port forwarding must add the URL of the ASA to the Trusted Site zone. To access the Trusted Site zone, they must start Internet Explorer and choose the Tools > Internet Options > Security tab. Vista users can also disable Protected Mode to facilitate smart tunnel access; however, we recommend against this method because it increases vulnerability to attack.

Installing Plug-ins Redistributed by Cisco
To retrieve a plug-in redistributed by Cisco and import it into the security appliance, perform the following steps:
Step 1      Create a temporary directory named plugins on the computer you use to establish ASDM sessions with the security appliance.
Step 2      Download the plug-ins you want from the Cisco website to the plugins directory.
Step 3      Choose Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Client-Server Plug-ins.
This pane displays the plug-ins that are available to clientless SSL sessions.
Step 4      Click Import.


Others: Procedures Used to Troubleshoot

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml#veri
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Router DMZ 5 57
Cisco ASA inside & outside to same switch 3 40
cradle point vpn to sonicwall 5 47
Palo Alto Networks: View Tunnel packet counts? 2 4
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now