Debugging a Cisco SSL VPN connection

Nutter helps a user who's having problems accessing directories

We have been using a Cisco 3005 SSL VPN Concentrator for a while now. What attracted us was the fact that you didn't have to install a client on the machine establishing a connection. We have run into a problem with one user recently that has us stumped. When he uses the Network Browse function to get to his home directory share, the screen comes up as if the files will be displayed, but nothing ever shows up on the screen. Any ideas?

Via the Internet

See if the problem shows up on more than one computer. This will rule out a firewall or other local PC issue. If the problem persists, create a new directory for the user and share it, granting rights to the Everyone group for both NTFS and share permissions. If you can see the directory, try putting a few files in it and increase the number of files until you have the same number as in the user's original directory. If things are still OK, try tightening the permissions until they exactly match what the user currently has in place. I have run into a problem recently in which a user had more than 2000 files in his directory, and that was causing the problem.

You didn't say how long you've had the Cisco VPN device. Verify you have the latest version of the firmware installed. Updating to the latest firmware may be all it takes to fix the problem. Consider turning on debugging. Under filterable event logging, make sure you select AUTH and WEBVPN. After saving the configuration, you can look at the logs to see what the SSL concentrator thinks is going on.

If nothing else gives you an idea of the problem, now is a good time to pull out your protocol analyzer and see what kind of traffic is going across the wire between the SSL VPN appliance and the server where the home directories reside. If you haven't had the need for a protocol analyzer, Ethereal is a good one to start with and the price is right - free. Do two protocol captures, one logging in as a user that isn’t having a problem and one as a user that is. Compare the two captures and look for differences to give you an idea of where to look for the problem.
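The file-count test from the first paragraph of the answer can be scripted. The following is an added example, not part of the original column: it fills an already created and shared test directory in doubling stages up to the file count of the user's original directory, pausing at each stage so you can browse the share through the VPN portal. All function names and the `vpntest_` file prefix are hypothetical.

```python
import os
import sys
from pathlib import Path

def count_files(directory):
    """Count regular files directly inside directory (no recursion)."""
    return sum(1 for entry in os.scandir(directory) if entry.is_file())

def stages(target, first=50):
    """Doubling checkpoints that end exactly at target: 50, 100, 200, ..., target."""
    points, n = [], max(1, min(first, target))
    while n < target:
        points.append(n)
        n *= 2
    points.append(target)
    return points

def fill_to(directory, total, size=1024):
    """Add placeholder files until directory holds `total` files; return the count."""
    directory = Path(directory)
    directory.mkdir(parents=True, exist_ok=True)
    have, i = count_files(directory), 0
    while have < total:
        path = directory / f"vpntest_{i:05d}.txt"  # hypothetical naming scheme
        i += 1
        if not path.exists():
            path.write_bytes(b"x" * size)
            have += 1
    return have

def first_failing_count(test_dir, original_dir, listing_ok, first=50):
    """Grow test_dir stage by stage up to the original directory's file count.
    Returns the first count at which listing_ok(count) is False, else None."""
    for checkpoint in stages(count_files(original_dir), first):
        fill_to(test_dir, checkpoint)
        if not listing_ok(checkpoint):
            return checkpoint
    return None

def ask_operator(count):
    """Manual check: browse the test share through the VPN portal, then answer."""
    reply = input(f"{count} files in place. Does the listing appear? [y/n] ")
    return reply.strip().lower().startswith("y")

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: fill_test_share.py TEST_DIR ORIGINAL_DIR")
    failed_at = first_failing_count(sys.argv[1], sys.argv[2], ask_operator)
    print("listing worked at every stage" if failed_at is None
          else f"listing first failed at {failed_at} files")
```

If the listing still works at the full count, the file count is ruled out and the next step in the answer, tightening permissions, applies.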


Copyright © 2005 IDG Communications, Inc.