- ActiveX RDP Plugin fails to connect from WIn7 PC after upgrade to 8.4(3), Open CSCtx58556 - Symptom:
After an upgrade to 8.4(3), Windows 7 users are unable to connect to an RDP resource using the RDP ActiveX plugin via the WebVPN portal page.
Conditions: Customer must be using ASA 8.4(3) and Internet Explorer with the RDP ActiveX plugin.
Workaround: - Use the Java Plugin. This can be accomplished by adding '?ForceJava=yes' to the end of the RDP bookmark. For instance 'rdp://myterminalserver/?ForceJava=true'. - You can also use Firefox/Chrome to force the use of Java RDP plugin. - Downgrade to 8.4(2)x and remove the ActiveX plugin from Internet Explorer. You will also need to remove references to the ActiveX plugin from your Windows Registry. You can reference bug ID CSCtx57453 for further information. After removing the ActiveX plugin and cleaning up the registry, reconnect to the ASA 8.4(2)x to re-download the ActiveX plugin. - DOC: ASA RDP w/ ActiveX fails after downgrade from 8.4.3 to 8.4.2, Open CSCtx57453 - Symptom:
This is a documentation bug only to document issues when you downgrade from 8.4.3 or later
with RDP activex plugin to a older version like 8.4.2.
After downgrading from ASA 8.4.3 to 8.4.2 (or lower), RDP (ActiveX-based) via WebVPN portal fails to work for some users.
OR
If a set of users attempted ActiveX-based RDP via WebVPN portal on an ASA 8.4.3, then those users will not be able to RDP via WebVPN portals hosted by ASAs running 8.4.2 or lower.
Downgrading from 8.4.3 to 8.4.2 or other versions is not possible due to compatability
issues with the activex port forwarder plugins.
Use workaround below if there is a real need to downgrade.
Conditions: 1. Only users who have attempted RDP via SSL portal on ASA 8.4.3 will be affected. 2. The issue is seen only if ActiveX is used to launch the RDP link on the SSL portal i.e. the issue will only be seen on IE (8.x, 9.x).
Workaround: 1. Use the Java option on IE to relaunch the RDP link. 2. Use Firefox. 3. Remove all registry instances of "b8e73359-3422-4384-8d27-4ea1b4c01232? (old activex CLSID) using regedit Note: this should be only done after a backup of the registry. Should be done at your own risk and consult Microsoft support for further information. - QoS:allow policing of traffic to and from VPN tunnel, Open CSCtx30877 - Symptom:
Traffic coming to and from VPN tunnels will completely bypass all policing policies applied to the interface.
Conditions: configuring policing using MPF and match VPN traffic on an ASA.
Workaround: n/a - QoS doc should state all related limitations on ASA, Open CSCtx30891 - Symptom: This is a documentation bug. ASA/Qos Documentation needs to be updated with the qos related limitations such as: 1) To-the-box traffic is not policed. 2) Traffic to and from VPN tunnel by-pass interface policing. 3) Match tunnel-group class-maps only support outbound policing.
- Standby ASA traceback while trying to replicate xlates, Open CSCtx33347 - Symptom:
The standby ASA would crash while it is trying to replicate the translation entries
Conditions: ASA 5585 running 8.4.3
Workaround: none
Connect with Us