I followed the Cisco instruction to setup webvpn On an ASA 5510 and tested it. I can access our web site. If I type the 192.168.0.230/tsweb. The Remote Desktop Web Connection displays, but I can't access TSWeb. The message is Problems with this Web page might prevent it from being display properly of function properly. The details are:
Line: 343
Char: 1
Error: Object doesn’t support this properly or method.
The line 343 is 'Connect
I did forward the port 3389 to 192.168.0.230. Any suggestions?
ASA Version 7.0(5)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password BXdBI/nCX9W8gnaT encrypted
no names
name 192.168.0.114 Consult
name 192.168.102.0 DMZ
name 192.168.0.213 Color
name 192.168.0.117 Outer
name 192.168.0.230 USA
dns-guard
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address x.x.x.37 255.255.255.248
!
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.0.250 255.255.255.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 192.168.102.250 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
no ip address
management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list tac extended permit ip any host 209.116.241.10
access-list tac extended permit ip host 209.116.241.10 any
access-list out_to_inside extended permit tcp any host x.x.x.34 eq www
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8080
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.34 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.34 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 13001
access-list out_to_inside extended permit icmp any any
access-list out_to_inside extended permit tcp any host x.x.x.35 eq www
access-list out_to_inside extended permit tcp any host x.x.x.38 eq www
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.35 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.35 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.36 eq pptp
access-list out_to_inside extended permit gre any host x.x.x.36
access-list out_to_inside extended permit tcp any host x.x.x.36 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.36 eq 8080
access-list out_to_inside extended permit tcp any host x.x.x.38 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.36 eq www
access-list Inside_nat0_outbound extended permit ip any 192.168.101.0 255.255.25
5.0
access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 19
2.168.11.0 255.255.255.0
access-list 102 standard permit 192.168.0.0 255.255.0.0
access-list Outside_cryptomap_20 extended permit ip 192.168.0.0 255.255.255.0 19
2.168.11.0 255.255.255.0
no pager
logging enable
logging timestamp
logging buffered debugging
logging trap informational
logging asdm informational
logging from-address blin@mvps.org
logging recipient-address blin@mvps.org level errors
logging host Outside x.x.x.37
logging host Inside 192.168.0.232
mtu Outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool 101 192.168.101.1-192.168.101.254 mask 255.255.255.0
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 0.0.0.0 0.0.0.0
nat (management) 10 0.0.0.0 0.0.0.0
static (Inside,Outside) x.x.x.34 192.168.0.213 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.35 192.168.0.114 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.38 192.168.0.117 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.36 192.168.0.230 netmask 255.255.255.255
access-group out_to_inside in interface Outside
route Outside 0.0.0.0 0.0.0.0 x.x.x.33 1
route Inside 192.168.1.0 255.255.255.0 192.168.0.81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
url-list Any "0" port-forward Telent telnet 192.168.0.250 telnet asa
port-forward TS https 192.168.0.230 3389 data
group-policy DfltGrpPolicy attributes
banner none
wins-server value 192.168.0.231
dns-server value 192.168.0.231
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 5
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 102
default-domain none
split-dns none
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
client-firewall none
client-access-rule none
webvpn
functions url-entry
port-forward value TS
port-forward-name value Application Access
group-policy Webvpn internal
group-policy Webvpn attributes
vpn-tunnel-protocol IPSec webvpn
webvpn
functions url-entry file-access file-entry file-browsing port-forward filter
vpn-group-policy DfltGrpPolicy
webvpn
username blin password xxxx encrypted privilege 15
username blin attributes
vpn-group-policy DfltGrpPolicy
webvpn
http server enable
http 192.168.0.0 255.255.255.0 Inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 20 match address Outside_cryptomap_20
crypto map Outside_map 20 set peer x.x.x.106
crypto map Outside_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp identity address
isakmp enable Outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 1
isakmp policy 30 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultRAGroup general-attributes
default-group-policy Webvpn
tunnel-group PPTPVPN type ipsec-ra
tunnel-group PPTPVPN general-attributes
address-pool 101
tunnel-group PPTPVPN ipsec-attributes
pre-shared-key *
tunnel-group 206.81.53.106 type ipsec-l2l
tunnel-group 206.81.53.106 ipsec-attributes
pre-shared-key *
telnet 192.168.0.0 255.255.255.0 Inside
telnet timeout 10
console timeout 0
management-access Inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
!
Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on
Line: 343
Char: 1
Error: Object doesn’t support this properly or method.
The line 343 is 'Connect
I did forward the port 3389 to 192.168.0.230. Any suggestions?
ASA Version 7.0(5)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password BXdBI/nCX9W8gnaT encrypted
no names
name 192.168.0.114 Consult
name 192.168.102.0 DMZ
name 192.168.0.213 Color
name 192.168.0.117 Outer
name 192.168.0.230 USA
dns-guard
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address x.x.x.37 255.255.255.248
!
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.0.250 255.255.255.0
!
interface Ethernet0/2
nameif DMZ
security-level 50
ip address 192.168.102.250 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
no ip address
management-only
!
ftp mode passive
same-security-traffic permit intra-interface
access-list tac extended permit ip any host 209.116.241.10
access-list tac extended permit ip host 209.116.241.10 any
access-list out_to_inside extended permit tcp any host x.x.x.34 eq www
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8080
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.34 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.34 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 13001
access-list out_to_inside extended permit icmp any any
access-list out_to_inside extended permit tcp any host x.x.x.35 eq www
access-list out_to_inside extended permit tcp any host x.x.x.38 eq www
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.35 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.35 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.36 eq pptp
access-list out_to_inside extended permit gre any host x.x.x.36
access-list out_to_inside extended permit tcp any host x.x.x.36 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.36 eq 8080
access-list out_to_inside extended permit tcp any host x.x.x.38 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.36 eq www
access-list Inside_nat0_outbound extended permit ip any 192.168.101.0 255.255.25
5.0
access-list Inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 19
2.168.11.0 255.255.255.0
access-list 102 standard permit 192.168.0.0 255.255.0.0
access-list Outside_cryptomap_20 extended permit ip 192.168.0.0 255.255.255.0 19
2.168.11.0 255.255.255.0
no pager
logging enable
logging timestamp
logging buffered debugging
logging trap informational
logging asdm informational
logging from-address blin@mvps.org
logging recipient-address blin@mvps.org level errors
logging host Outside x.x.x.37
logging host Inside 192.168.0.232
mtu Outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool 101 192.168.101.1-192.168.101.254 mask 255.255.255.0
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 0.0.0.0 0.0.0.0
nat (management) 10 0.0.0.0 0.0.0.0
static (Inside,Outside) x.x.x.34 192.168.0.213 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.35 192.168.0.114 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.38 192.168.0.117 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.36 192.168.0.230 netmask 255.255.255.255
access-group out_to_inside in interface Outside
route Outside 0.0.0.0 0.0.0.0 x.x.x.33 1
route Inside 192.168.1.0 255.255.255.0 192.168.0.81 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
url-list Any "0" port-forward Telent telnet 192.168.0.250 telnet asa
port-forward TS https 192.168.0.230 3389 data
group-policy DfltGrpPolicy attributes
banner none
wins-server value 192.168.0.231
dns-server value 192.168.0.231
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 5
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value 102
default-domain none
split-dns none
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
client-firewall none
client-access-rule none
webvpn
functions url-entry
port-forward value TS
port-forward-name value Application Access
group-policy Webvpn internal
group-policy Webvpn attributes
vpn-tunnel-protocol IPSec webvpn
webvpn
functions url-entry file-access file-entry file-browsing port-forward filter
vpn-group-policy DfltGrpPolicy
webvpn
username blin password xxxx encrypted privilege 15
username blin attributes
vpn-group-policy DfltGrpPolicy
webvpn
http server enable
http 192.168.0.0 255.255.255.0 Inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 20 match address Outside_cryptomap_20
crypto map Outside_map 20 set peer x.x.x.106
crypto map Outside_map 20 set transform-set ESP-3DES-MD5
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp identity address
isakmp enable Outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 1
isakmp policy 30 lifetime 86400
isakmp nat-traversal 20
tunnel-group DefaultRAGroup general-attributes
default-group-policy Webvpn
tunnel-group PPTPVPN type ipsec-ra
tunnel-group PPTPVPN general-attributes
address-pool 101
tunnel-group PPTPVPN ipsec-attributes
pre-shared-key *
tunnel-group 206.81.53.106 type ipsec-l2l
tunnel-group 206.81.53.106 ipsec-attributes
pre-shared-key *
telnet 192.168.0.0 255.255.255.0 Inside
telnet timeout 10
console timeout 0
management-access Inside
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
!
Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, VPN & Remote Access on