When our end users are have an established VPN connection and then browse to an external website (we are not using split tunneling) one frame on the page never loads. Any ideas?
The website is http://www.cabfinancial.com/
and the frame that does not load is the "Subscriber Login"
Use the ds trace to help troubleshoot that problem.
You also want the users who are logged in via VPN to also use the vpn connection for internet browsing?
Yes we want all of their internet traffic coming back through us to inspect. If I put a device on the same network as the IP address that we are handing out to VPN users the web site works correctly. It's only broke when they are using network connect and or Junos Pulse.
I have tried multiple browsers with the same result(s).
When I do the dstrace nothing is collected, the log is empty.
It just does not make a whole lot of sense, how can one frame of a site not work and everything else does and every other external website that I browse to.
For something to try on the VPN connection profile I changed it from ESP to now SSL as the transport and the frame inside the page works everytime. Thoughts?
No man, that is good news, however i have no idea. Maybe the compression that is supported for that particular frame. SSL supports gzip compression while ESP supports LZO compression. But that is beyond me. If you feel like trying one more thing, you could check to see if it makes a difference whether using 32bit or 64bit browser. If you have access to the Web developers for that site, you could ask them if they have coded it to require anything specific from the client side in order to load. Maybe a selective rewrite for that site, maybe something to do with UDP vs TCP transport; I don't know but it would be surely interesting to know exactly why.