Web client does not work as expected when accessed via Cisco ASA Clientless VPN portal

Version 1

    Verified Product Versions

    AppSense DataNow 3.6AppSense DataNow 3.5AppSense DataNow 3.0AppSense DataNow 2.0AppSense DataNow 4.0

    Introduction

    After entering credentials you may be unable to progress past the 'login' screen, or you may be able to log in, but no map points are listed, or other unexpected behaviour may be encountered.

    Detail

    This is due to the URL rewrite feature which is applied by default to Clientless SSL VPN sessions accessed via 'bookmarks' or the URL browser in the ASA client portal.

    The rewrite feature obfuscates the original URL and behaves as a proxy server which impedes the Javascript used by the DataNow web client

    The above behaviour can be mitigated by adding a rewrite exclusion for the DataNow server URL in conjunction with a smart tunnel. This causes the ASA to behave as a VPN concentrator as opposed to a Proxy server, and as the browser works against the actual appliance URL rather than the re-written URL, javascript is unimpeded and the web client works as expected.

    EG. In the 'WebVPN' context an example rewrite rule would be:

    '

    rewrite order 1 disable resource-mask *.domain.com/* name DataNow
    '

    The smart-tunnel should be configured via ASDM as the 'bookmarks' are stored in XML rather than the running config and cannot be configured from the command line