RE: Cisco SSL VPN client

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 20 Oct 2005 09:19:49 -0500

I guess I should also add that the Cisco SSL VPN sludgeware also
installs a local host proxy listener. 

 

> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Wednesday, October 19, 2005 8:52 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Cisco SSL VPN client
> 
> Hey folks,
> 
> Anyone have any experience with the Cisco SSL VPN client connecting to a
> Cisco VPN server when the client is behind an ISA firewall and the Cisco
> SSL VPN server is behind god knows what?
> 
> From the tests I've done so far:
> 
> ===========================
> Web proxy client ONLY configuration does NOT work 
> 
> Firewall client ONLY configuration does NOT work
> 
> Web proxy AND Firewall client configuration does NOT work
> 
> Web proxy and SecureNAT configuration DOES work
> 
> Firewall client and SecureNAT configuration DOES work
> 
> Firewall client, Web proxy client and SecureNAT client configuration
> DOES work
> ===========================
> 
> The Web proxy log file shows SSL connection failed with a 995 reported.
> The Firewall client doesn't even intercept the request, at least from
> what I see in the Sessions tab of the console.
> 
> An example of what happens with the Web proxy filter connection is the
> line below:
> Original Client IP    Authenticated Client    Service Server Name
> Referring Server      Destination Host Name   MIME Type       Object
> Source        Source Proxy    Destination Proxy       
> Bidirectional Client
> Host Name     Network Interface       Raw IP Header   Raw Payload
> Source Port   Processing Time Bytes Sent      Bytes Received  Cache
> Information   Log Time        Client IP       Destination IP
> Transport     Destination Port        Protocol        Action  Rule
> Client Username       URL     Source Network  Destination 
> Network       HTTP
> Method        Filter Information      Error Information       
> Result Code
> Log Record Type       Client Agent    HTTP Status Code
> 0.0.0.0       No      Proxy   CELESTIX-H5L4CS         webvpn.fsba.com
> Internet      -       -               -       -       -       -
> 0     0       105978  1464    0x0     10/19/2005 7:25:58 PM
> 192.168.1.71  216.226.999.999 TCP     443     SSL-tunnel      Failed
> Connection Attempt    All Open Servers        anonymous
> webvpn.noneya.com:443 Internal        External
> 0x9           Web Proxy Filter        Mozilla/4.0 (compatible; MSIE
> 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)  995 
> ==============================
> 
> Firewall policy is All Open from source to destination network.
> Web proxy filter is unbound from the HTTP protocol
> 
> Hints, tips, tricks, guesses or anything appreciated.
>  
> 
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/> 
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
> MVP -- ISA Firewalls
> 
> 
> 