Download of documents via SSL VPN problems

Hello

We have customers having problems downloading documents (usually PDF files less than 3 MB in size) from a web interface (using http only) on an internal web server.  The customers are using the latest version of AnyConnect for Windows and connecting to an ASA5510 running the latest firmware of 8.3.  They connect from their home network on a cable or DSL connection.

I disabled threat detection and I don't see anything blocked by the firewall.  What are our user seems to work perfectly.

I ran a packet capture with wireshark and noticed a lot of packet loss. I have attached a screenshot.

Any advice would be greatly appreciated.

Is it possible that there is another cause of network problem?

Check the duplex/speed settings of the web server, check for interface errors on the ports, etc. Duplicate acknowledgments are caused by lost packets, out-of-order packets, etc.


Similar Questions

  • Installation of SSL VPN problem

    Hi all

    I am setting up an SSL VPN on our ASA 5510 using the Secure Mobility client.  After working through several problems, I was able to get the test server to download and install the Linux client, and it says that it is connected.  When I try to ping any server in the LAN, however, the first ping is responded to and the rest time out.  On the firewall, I see a stream of errors like this:

    3 October 11, 2014 16:12:58   SRV1   172.16.40.185   Deny inbound icmp src outside:SRV1 dst outside:172.16.40.185 (type 0, code 0)

    Split tunneling seems to work fine, I can still access the Internet, but any attempt to reach a server in the LAN times out.

    Now, I had this working before with a Windows and a Mac client, but removed that configuration and (I thought) completely recreated it when I updated the AnyConnect images to include a Linux image.  Now I get this same problem with all 3 platforms.

    Can anyone advise me on what I may be missing or what I can provide to diagnose the problem?

    ASA is running v8.2(5)

    I followed this guide to set up: http://www.techrepublic.com/blog/data-center/eight-easy-steps-to-cisco-a...

    Thank you!

    Ok thank you.

    If your clients are assigned addresses of:

    ip local pool VPNTestPool 172.16.40.185-172.16.40.190 mask 255.255.252.0

    You have exempted this pool from NAT with the last entry in your ACL sheep:

    access-list sheep extended permit ip any 172.16.40.184 255.255.255.248

    A potential problem I see is that the pool is a subnet carved out of your internal network:

    ip address 172.16.40.2 255.255.252.0

    The ASA believes hosts on this subnet to be connected, and your heart can be confused on the way forward.

    In addition, I don't see where you set the

     sysopt connection permit-vpn

    ...command recommended in the configuration guide you followed.

    Also, in the first packet-trace, the source for client VPN traffic must be outside, not inside.
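
The address checks behind this reply, as an added example that is not part of the original thread: it tests whether a VPN pool falls inside the inside interface's connected subnet and whether a NAT-exemption entry covers every pool address. The function names and the second, non-overlapping pool are constructed for illustration; the first set of values is the one quoted in the thread.

```python
import ipaddress


def pool_blocks(first, last):
    """Summarise a first-last address pool into the CIDR blocks that cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def audit_vpn_pool(pool_first, pool_last, inside_ip, inside_mask,
                   exempt_net, exempt_mask):
    """Compare a VPN address pool with the inside subnet and a NAT exemption.

    Returns a dict with:
      inside_network - connected subnet derived from the interface address
      overlapping    - pool blocks that lie inside that connected subnet
      not_exempt     - pool blocks the NAT-exemption entry does not cover
      findings       - human-readable summary lines
    """
    # The interface address plus mask gives the subnet the firewall treats
    # as directly connected on the inside.
    inside = ipaddress.ip_interface(f"{inside_ip}/{inside_mask}").network
    # Strict parsing: raises ValueError if the ACL network has host bits set.
    exempt = ipaddress.ip_network(f"{exempt_net}/{exempt_mask}")
    blocks = pool_blocks(pool_first, pool_last)

    overlapping = [b for b in blocks if b.overlaps(inside)]
    not_exempt = [b for b in blocks if not b.subnet_of(exempt)]

    findings = []
    if overlapping:
        findings.append(
            f"pool {pool_first}-{pool_last} lies inside connected subnet "
            f"{inside}; use a dedicated range for VPN clients")
    else:
        findings.append(f"pool does not overlap connected subnet {inside}")
    if not_exempt:
        missing = ", ".join(str(b) for b in not_exempt)
        findings.append(f"NAT exemption {exempt} does not cover: {missing}")
    else:
        findings.append(f"NAT exemption {exempt} covers the whole pool")

    return {
        "inside_network": inside,
        "overlapping": overlapping,
        "not_exempt": not_exempt,
        "findings": findings,
    }


if __name__ == "__main__":
    # Values quoted in the thread: pool, inside interface, NAT-exempt entry.
    thread_case = audit_vpn_pool(
        "172.16.40.185", "172.16.40.190",
        "172.16.40.2", "255.255.252.0",
        "172.16.40.184", "255.255.255.248")
    # Constructed contrast: a pool taken from a range not used on the inside.
    dedicated_case = audit_vpn_pool(
        "10.99.0.10", "10.99.0.50",
        "172.16.40.2", "255.255.252.0",
        "10.99.0.0", "255.255.255.0")
    for name, result in (("thread", thread_case),
                         ("dedicated", dedicated_case)):
        print(name)
        for line in result["findings"]:
            print("  -", line)
```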

  • URL via SSL VPN access

    Dear members

    Please see the diagram for an easy understanding of the issue.

    I am facing a problem with the SSL VPN configured on ASA 5520. Here's the simple network topology.

    The customer has an ERP server inside the segment, which is running Apache/Tomcat 5.5 and listening on port 8204. The complete URL to access the installed application is

    http://192.168.2.1:8204/system/servlet/login

    ASA connects to a router in parameter, which has a configured AS VPN remote access. Cisco VPN client users can access this URL easily when they connect via VPN; also, if I create a static translation for this IP 192.168.2.1, the full URL is accessible from the outside. But the problem is with SSL VPN: when I enter the URL, nothing appears and the session expires. However, if I just enter http://192.168.2.1:8204, the Apache/Tomcat page opens, which means that through SSL VPN I can reach the web server running on 192.168.2.1, but this particular URL is not accessible.

    Here apache on the ERP server is listening on a nonstandard port, which could be the reason, I need to create a forwarding port or "smart."

    I already tried with port forwarding, but that has not solved the problem.

    All entries from your side will be highly appreciated.

    Thank you

    Ahad

    Hi Ahad,

    When you access the server (http://192.168.2.1:8204/system/servlet/connectionURL) from the inside, does the URL in the browser address bar remain the same, or does it redirect?

    Is there a Java applet on the login page?

    Now, there are several things to try:

    - Do a "view page source" on the working (internal or via IPsec VPN) login page and again on the failing (via WebVPN) page and compare - does that raise any suspicion?

    - You can install software like Charles SSL Proxy (http://www.charlesproxy.com/ - note this is not a product of Cisco, or approved by Cisco) to see exactly what is happening inside the SSL tunnel (i.e. it will show you the HTTP request from the browser to the server and the response). Again, you can do this for both a working and a non-working case to compare.

    - As a possible solution: create an HTTP bookmark on the portal for this URL and select "smart tunnel" for it.

    HTH

    Herbert

  • SSL VPN problems with Internet Explorer

    Well, first of all, you need 64-bit to run Internet Explorer web based VPN devices in the SA500 series (we use SA540). After we figured that out, we still cannot get past the SSL VPN client install on client computers. It keeps reloading the web page or simply does nothing at all. Any ideas?

    In addition, which CA do you guys use for SSL VPN? GoDaddy certificates are not compatible, as I just discovered the hard way.

    Hi Qasim,

    The issue seems to be more localized to Windows blocking everything. I actually spent much time working on this yesterday to finally make it work with a 64-bit Vista and a Windows 7 64-bit machine.

    The few things that I did have some success with:

    Tools -> Internet Options -> Security -> Trusted Sites

    • Move down
    • Disable protected mode
    • Click Sites, and then add the SSL VPN page as a trusted site
    • When adding the trusted site, uncheck "Require server verification (https:) for all sites in this zone".

    Tools -> Internet Options -> Advanced -> Security section

    • Select "Allow software to run or install even if the signature is invalid"

    In addition, you must download the Microsoft Visual C++ 2010 Redistributable and ensure that you are running the latest version of Java.

    These are the things I had to do to get Windows to allow me to connect. I hope it is of some help to you.

    -Tom

  • Unable to download a document via taskflow WebCenter

    Hi all

    I am using UCM as content repository. Connection works fine. The WebCenter taskflow shows documents already uploaded (via UCM). It gives an error when trying to download the file via the WebCenter taskflow. I am getting the following error.

    Event generated by the user 'sysadmin' to host 'CIS '. Content element (null)' was not archived successfully. The content ID must be specified.

    When I downloaded the doc in UCM, I know I had to give a content ID. I don't know how to assign it from the WebCenter taskflow. The taskflow has only two parameters: the content repository name and the root directory.

    Does anyone know what setup must be done on the UCM side for the taskflow to work correctly?

    Thanks in advance.
    Umesh

    By default, a content server is configured to require a content id. If you wish, you can configure the content server to automatically generate the id of content for you in the background.

    Log in to the content server as a sysadmin. Under the Administration menu, select Server administrator. This will open a new window. Click the button in the middle of the page with the name of the instance to this topic. Then, on the left side you should see a link called General Setup. This page has a check box that you select to make the server auto generate the content ID. Turn it back on.

    Then try your payment again.

  • ASA SSL VPN problem with 8.2(2)

    Hello everyone,

    I have a pair of ASA 5520s running image 8.2(1) in active/standby failover mode.

    A few months ago, I downloaded 8.2(2) from the Cisco website and loaded it onto the ASA.
    After loading the new image, they called me about problems with the functioning of the WebVPN application.

    The web app seems to work, but in a read-only mode, because you could not change the content of the files.

    I couldn't find a way to make it work, so I decided to downgrade to 8.2(1),
    and as soon as I loaded the old image, the problem disappeared.

    Now I see that the 8.2(3) image is available.
    To avoid risk I tested it on a spare 5510 and, to my disappointment, I found the problem was the same.

    Is anyone facing such a problem, or can anyone suggest how to solve it?

    Thanks in advance.

    Marco.

    Can you please provide more details about which application does not work through the clientless WebVPN interface?  Have you tried to activate Smart Tunneling for this application?

  • pdf file downloaded to convert word doc now cannot download converted documents, what's the problem?

    How can I download a downloaded document Traoré was converted from pdf to word doc?

    Hi awogboy67,

    In order to download the converted file, you need to log in to https://files.acrobat.com/ using your Adobe ID; then you must click on "Files" and it will show you the converted files. Select the file, and then click on the download icon. Please refer to the screenshot below:

  • AnyConnect SSL VPN Split tunneling problem

    Hello

    We have home users that VPN in on a regular basis, but when they VPN in they cannot print locally or connect to local resources.  Is there a way to enable split tunneling for all remote VPN users?  It is not possible to add all the remote subnets, especially since I don't know which subnets are used and it would be a management issue.  I noticed that when I connect from home a new route is added to my PC, which prefers the VPN link.

    I noticed one of the options with the AnyConnect client is 'enable local LAN access (if configured)'.  Can I use that?

    Thanks in advance.

    Hello

    According to my understanding, you need to connect to your local printers while you are connected to the ASA via SSL VPN.

    You can do this by creating a split-tunnel exclusion policy on the ASA together with the local LAN access option on the client, or you can use the AnyConnect profile allowing local LAN access.

    Please find the link below:

    https://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080702992.shtml#dsfg

    I hope it helps.

    Thank you

    Shilpa

  • SSL - VPN can not connect - Windows 10

    Hello

    Our office has a SonicWall TZ105, with a more recent firmware, and now with Windows 10, we are unable to connect via SSL - VPN.  The user name and password are correct, and I can connect with the Android app.  But in Windows 10, I tried the MobileConnect App, the more recent mysonicwall NetExtender, used the terminal to create the VPN connection and just manually made a VPN connection and nothing works.

    The President of our company just got a new laptop and it has Windows 10, and I'm hitting a wall, but need to get it connected to our office.

    Other VPN connections to other VPN servers work on this laptop, but not the one to our office.  It used to work with the same router settings on Windows 7.

    Each different connection method gives a different error.  The strangest to me is "the specified port is already open."  But there is no other connection to that port, and I am still able to connect using my phone.

    Any ideas?  Thanks in advance!

    I was able to solve the problem using NetExtender version 7.0.203, downloaded from mysonicwall.com.  It was the only version (back to 5.0.?) that could successfully connect to our TZ105 from a Win10 laptop with all updates.

    I hope this helps someone else, I was pretty nearly pulling my hair out...

  • SSL VPN - ASA - Active Directory LDAP

    Hello

    Scenario: ASA 8.0 (3) running SSL VPN for remote users. LDAP also authenticates access and connect to the ASA.

    For some reason (we had a power failure, but the problem may be caused by other reasons as well), I cannot connect to the ASA, as my login ID does not work, and remote users get a connection error when trying to authenticate via the SSL VPN web GUI.

    I have rebooted the ASA and AD without any change in the situation. This service worked very well before and the problem happened suddenly. No one has made any changes to the configs. The customer does not have a backup configuration. Any suggestion on what would be the best next action to solve this problem? I'm not an expert on Microsoft LDAP configuration, and if anyone knows where I can check in Microsoft Windows Server 2003 for the possible LDAP problem, that would be greatly appreciated.

    Thank you

    rdianat

    The LDAP bind account is just a normal user account. It doesn't even need administrative permissions. If you want to use LDAP for password changes it needs password change permissions, but otherwise just a normal user account - make sure it cannot be locked in AD or the password never expires none of this things. You will see the name of the LDAP account in the config of the ASA.

    ldap-login-password *

    ldap-login-dn *

  • Unable to connect to the internal network of SSL VPN

    I am setting up an ASA 5512 for the first time and I did a lot of research to solve my problem but no luck. I would really appreciate it if I can get help.

    After having successfully connected to ASA via SSL VPN. I am only able to ping to the outside interface (10.2.11.4).

    Please check my config and I would like to know what the problem is. Thank you

    : Saved
    :
    ASA 9.1 Version 2
    !
    hostname asa-01
    domain corporate.local
    activate t8tpEme73dn9e0.9 encrypted password
    volatile xlate deny tcp any4 any4
    volatile xlate deny tcp any4 any6
    volatile xlate deny tcp any6 any4
    volatile xlate deny tcp any6 any6
    volatile xlate deny udp any4 any4 eq field
    volatile xlate deny udp any4 any6 eq field
    volatile xlate deny udp any6 any4 eq field
    volatile xlate deny udp any6 any6 eq field
    t8tpEme73dn9e0.9 encrypted passwd
    names of
    sslvpn-ip-pool 10.255.255.1 mask - 255.255.255.0 IP local pool 10.255.255.100
    !
    interface GigabitEthernet0/0
    nameif outside
    security-level 50
    IP 10.2.11.4 255.255.255.0
    !
    interface GigabitEthernet0/1
    nameif inside
    security-level 100
    IP 10.2.255.18 255.255.255.248
    !
    interface GigabitEthernet0/2
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/3
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/4
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/5
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface Management0/0
    management only
    nameif management
    security-level 0
    IP 192.168.1.1 255.255.255.0
    !
    boot system Disk0: / asa912-smp - k8.bin
    passive FTP mode
    clock timezone STD - 7
    clock to summer time recurring MDT
    DNS domain-lookup outside
    DNS lookup field inside
    DNS server-group DefaultDNS
    Server name 10.2.9.23
    10.2.1.1 server name
    Server name 10.2.9.24
    domain corporate.local
    network of Trusted subject
    10.2.0.0 subnet 255.255.0.0
    the object to the outside network
    10.2.11.0 subnet 255.255.255.0
    network ss object
    10.2.11.0 subnet 255.255.255.0
    network of the VPNlocalIP object
    10.255.255.0 subnet 255.255.255.0
    the object of the LAN network
    10.2.9.0 subnet 255.255.255.0
    network of the VPN-INSIDE object
    subnet 10.2.255.16 255.255.255.248
    tcp4433 tcp service object-group
    port-object eq 4433
    standard access list permits 10.2.255.16 SPLIT-TUNNEL 255.255.255.248
    standard access list permits 10.2.11.0 SPLIT-TUNNEL 255.255.255.0
    host of access TUNNEL of SPLIT standard allowed 10.2.9.0 list
    global_access list extended access allowed object VPNlocalIP object LAN ip
    global_access list extended access permitted ip LAN VPNlocalIP object
    pager lines 24
    Enable logging
    asdm of logging of information
    host of logging inside the 10.2.8.8
    Debugging trace record
    Outside 1500 MTU
    Within 1500 MTU
    management of MTU 1500
    ICMP unreachable rate-limit 1 burst-size 1
    ASDM image disk0: / asdm - 713.bin
    don't allow no asdm history
    ARP timeout 14400
    no permit-nonconnected arp
    Static NAT to destination for LAN LAN static VPNlocalIP VPNlocalIP source (indoor, outdoor)
    Access-Group global global_access
    Route outside 0.0.0.0 0.0.0.0 10.2.11.1 1
    Route inside 10.2.0.0 255.255.0.0 10.2.255.17 1
    Route inside 10.255.255.0 255.255.255.0 10.2.255.17 1
    Timeout xlate 03:00
    Pat-xlate timeout 0:00:30
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    Floating conn timeout 0:00:00
    dynamic-access-policy-registration DfltAccessPolicy
    CA-Kerberos kerberos protocol AAA-server
    CA-Kerberos (inside) host 10.2.9.24 AAA-server
    Corp.PRI Kerberos realm
    identity of the user by default-domain LOCAL
    the ssh LOCAL console AAA authentication
    http server enable 4431
    http 192.168.1.0 255.255.255.0 management
    http 10.2.0.0 255.255.0.0 outside
    redirect http inside 80
    redirect http outside 80
    No snmp server location
    No snmp Server contact
    Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
    Crypto ipsec ikev2 ipsec-proposal OF
    encryption protocol esp
    Esp integrity sha - 1, md5 Protocol
    Crypto ipsec ikev2 proposal ipsec 3DES
    Esp 3des encryption protocol
    Esp integrity sha - 1, md5 Protocol
    Crypto ipsec ikev2 ipsec-proposal AES
    Esp aes encryption protocol
    Esp integrity sha - 1, md5 Protocol
    Crypto ipsec ikev2 ipsec-proposal AES192
    Protocol esp encryption aes-192
    Esp integrity sha - 1, md5 Protocol
    Crypto ipsec ikev2 AES256 ipsec-proposal
    Protocol esp encryption aes-256
    Esp integrity sha - 1, md5 Protocol
    Crypto ipsec pmtu aging infinite - the security association
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
    outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
    outside_map interface card crypto outside
    Crypto ca trustpoint _SmartCallHome_ServerCA
    Configure CRL
    Crypto ca trustpoint ASDM_TrustPoint0
    registration auto
    name of the object CN = ciscoasa
    Keypairs 4151
    Proxy-loc-transmitter
    Configure CRL
    Crypto ca trustpoint ASDM_TrustPoint1
    Terminal registration
    Configure CRL
    Crypto ca trustpoint ASDM_TrustPoint2
    Terminal registration
    Configure CRL
    Crypto ca trustpoint ASDM_TrustPoint3
    Terminal registration
    Configure CRL
    Crypto ca trustpoint ASDM_TrustPoint4
    Terminal registration
    name of the object CN = vpn.corp.com
    ASA_PKC_One key pair
    Configure CRL
    trustpool crypto ca policy

    IKEv2 crypto policy 1
    aes-256 encryption
    integrity sha
    Group 2 of 5
    FRP sha
    second life 86400
    IKEv2 crypto policy 10
    aes-192 encryption
    integrity sha
    Group 2 of 5
    FRP sha
    second life 86400
    IKEv2 crypto policy 20
    aes encryption
    integrity sha
    Group 2 of 5
    FRP sha
    second life 86400
    IKEv2 crypto policy 30
    3des encryption
    integrity sha
    Group 2 of 5
    FRP sha
    second life 86400
    IKEv2 crypto policy 40
    the Encryption
    integrity sha
    Group 2 of 5
    FRP sha
    second life 86400
    Crypto ikev2 activate out of service the customer port 443
    Telnet timeout 15
    SSH 10.2.0.0 255.255.0.0 inside
    SSH timeout 15
    SSH group dh-Group1-sha1 key exchange
    Console timeout 0
    outside access management
    management of 192.168.1.2 - dhcpd addresses 192.168.1.10
    enable dhcpd management
    !
    a basic threat threat detection
    host of statistical threat detection
    statistical threat detection port
    Statistical threat detection Protocol
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    NTP server 10.2.9.23 source outdoors
    SSL cipher aes128-sha1-3des-sha1
    management of SSL trust-point ASDM_TrustPoint4
    SSL-trust outside ASDM_TrustPoint4 point
    SSL-trust ASDM_TrustPoint4 inside point
    WebVPN
    allow outside
    No anyconnect essentials
    AnyConnect image disk0:/anyconnect-win-3.1.04063-k9.pkg 1
    AnyConnect enable
    tunnel-group-list activate
    list of chip-tunnel TerminalServer mstsc.exe Terminal windows platform
    attributes of Group Policy DfltGrpPolicy
    value of server DNS 10.2.9.23
    L2TP ipsec VPN-tunnel-Protocol ikev1
    field default value corp.com
    WebVPN
    value of customization DfltCustomization
    internal group CA-SSLVPN-TEST strategy
    attributes of CA-SSLVPN-TEST-group policy
    WINS server no
    value of server DNS 10.2.9.23
    client ssl-VPN-tunnel-Protocol
    field default value corp.com
    internal group CA-CLIENTLESS-TEST strategy
    attributes of group CA-CLIENTLESS-TEST policy
    clientless ssl VPN tunnel-Protocol
    WebVPN
    value of URL-list of the contractors list
    chip-tunnel enable TerminalServer
    ssluser nS2GfPhvrmh.I/qL encrypted password username
    username ssluser attributes
    Group-VPN-CA-SSLVPN-TEST strategy
    client ssl-VPN-tunnel-Protocol
    group-lock AnySSLVPN-TEST value
    type of remote access service
    username admin privilege 15 encrypted password f4JufzEgsqDt05cH
    cluser 3mAXWbcK2ZdaFXHb encrypted password username
    cluser attributes username
    Group-VPN-CA-CLIENTLESS-TEST strategy
    clientless ssl VPN tunnel-Protocol
    value of locking group OLY-Clientless
    type of remote access service
    attributes global-tunnel-group DefaultRAGroup
    Group-CA LOCAL Kerberos authentication server
    tunnel-group DefaultRAGroup webvpn-attributes
    CA-ClientLess-portal customization
    attributes global-tunnel-group DefaultWEBVPNGroup
    sslvpn-pool ip address pool
    Group-CA LOCAL Kerberos authentication server
    tunnel-group DefaultWEBVPNGroup webvpn-attributes
    CA-ClientLess-portal customization
    remote access to tunnel-group AnySSLVPN-TEST type
    tunnel-group AnySSLVPN-TEST general attributes
    sslvpn-pool ip address pool
    CA-group-Kerberos authentication server
    CA-SSLVPN-TEST of the policy by default-group
    tunnel-group AnySSLVPN-TEST webvpn-attributes
    OLY-portal customization
    Disable Group-alias AnySSLVPN-TEST
    Disable AnySSLVPN-TEST-group-alias aliases
    OLY-SSLVPN disable group-alias
    enable SSLVPN group-alias
    type tunnel-group OLY-Clientless Remote access
    OLY-Clientless General attributes tunnel-group
    CA-group-Kerberos authentication server
    Group Policy - by default-CA-CLIENTLESS-TEST
    OLY-Clientless webvpn-attributes tunnel-group
    CA-ClientLess-portal customization
    try to master timeout NBNS-server 10.2.9.23 2 2
    Group-alias Clientless enable
    Group-aka cl disable

    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    maximum message length automatic of customer
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    Review the ip options
    inspect the netbios
    inspect the rsh
    inspect the rtsp
    inspect the skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect the tftp
    inspect the sip
    inspect xdmcp
    class class by default
    Statistical accounting of user
    !
    global service-policy global_policy
    context of prompt hostname
    anonymous reporting remote call
    call-home
    Profile of CiscoTAC-1
    no active account
    http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
    email address of destination [email protected] / * /
    destination-mode http transport
    Subscribe to alert-group diagnosis
    Subscribe to alert-group environment
    Subscribe to alert-group 3 monthly periodic inventory
    Subscribe to alert-group configuration periodic monthly 3
    daily periodic subscribe to alert-group telemetry
    Cryptochecksum:ceea6b06a18781a23e6b5dde6b591704
    : end
    ASDM image disk0: / asdm - 713.bin
    don't allow no asdm history

    Hello

    I'm glad to hear it works

    Please do not forget to mark a reply as the right answer or to rate useful answers

    -Jouni

  • ACL and anyconnect ssl vpn

    Hello world

    I was testing a few things in my home lab.

    PC - running ssl vpn - sw - router - ISP - ASA (anyconnect ssl)

    AnyConnect ssl works very well and I am also able to access the internet.

    I use full tunnel

    I have ACLs on the external interface of the ASA

    1   True   any   any   ip   Deny   0   Default   []

    I know that the ACL is used for traffic passing through the ASA.

    I need to understand the flow of traffic for internet access via SSL VPN?

    Regards

    MAhesh

    As you correctly say, the interface ACL is not important for that because the VPN traffic is not inspected by the ACL. At least not by default.

    You can control the traffic with a different ACL that is applied to the group policy with the command "vpn-filter". And of course you need a NAT rule that translates your traffic when going to the internet. This rule should work on the interface pair (outside,outside).

  • images of the SSL vpn-html-content filtering

    Hello

    I'm trying to do content filtering via ssl VPN (clientless) on ASA 5505

    Above command is supposed to block anything with the html img tag, but it does not seem to.

    # sh run group-policy

    group-policy clientless-grp-policy internal
    group-policy clientless-grp-policy attributes
     dns-server value 8.8.8.8
     vpn-tunnel-protocol webvpn
     split-tunnel-policy tunnelall
     webvpn
      url-list value bookmark
      html-content-filter java images cookies
      svc ask enable default webvpn

    # sh run tunnel-group

    tunnel-group clientless-tunnel type remote-access
    tunnel-group clientless-tunnel general-attributes
     default-group-policy clientless-grp-policy
    tunnel-group clientless-tunnel webvpn-attributes
     group-alias clientless-alias enable

    What am I missing here? Or have I just misunderstood how it works?

    Thank you!

    Hello

    How does it work for you?

    html-content-filter

    Thank you.

    Portu.

  • Issue of SSL VPN client

    Not sure if it's possible (device: ASA 5550) - but can a client establish an SSL VPN to the remote network, with devices on the local network accessing remote network printers?

    so you have a network client that creates an SSL VPN to network B network B configurable so that the automatic work met the same vpn ssl to a different IP address?

    I don't know if it's just me, but I don't understand what you mean with that:

    so you have a network client that creates an SSL VPN to network B network B configurable so that the automatic work met the same vpn ssl to a different IP address?

    Can you try to explain once more?

    Now I think you mean the following, please look at this:

    HQ - ASA - INTERNET - office2

    Now office2 will establish a clientless SSL VPN to the ASA and subsequently you want HQ to communicate with certain printers or servers at office2 via the clientless SSL VPN... If that's the question, the answer is no. Clientless SSL VPN will only allow traffic to go from office2 to HQ, and not all traffic; this will depend on what you configure on the clientless SSL VPN (smart tunnels, port forwarding, plugins).

    Once again, I don't know if that is the question.

    Kind regards

    Julio

    Rate all useful posts

  • VPN site to Site and SSL VPN

    Hey guys,

    I'm working on a solution. I have a home office with my data center being there, while my DR site is my plant and it has nearly 20 users. I have a third place, which is a branch office with only 2 people.

    I intend to deploy a VPN Site to Site between the data center and DR Site while branches can connect via SSL VPN. Please confirm whether this solution is viable or not. Where do I go to a Site for the office too.

    Thank you

    If we knew more about your environment, we might be able to give more complete answers. But based on what you've described, I believe that a site-to-site VPN between the data center and the disaster recovery site and remote access VPN for the branch is an appropriate solution.

    HTH

    Rick
