Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
284
Views
0
Helpful
4
Replies

Issue connecting VPN to DevNet Sandbox environment

sbcthink
Level 1
Level 1

‎11-16-2024 12:25 PM

I am using CBTNuggets studying for my DevNet Associate certification. I am connected to the Open "NX-OS Programmability AlwaysOn" DevNet Sandbox environment so that I can interact with NETCONF, RESTCONF, and NX-OS API operations on a Nexus 9000 device with VS Code and Postman from a Windows device. 

The Instructions in the DevNet environment say "In order to establish a software VPN connection to this Lab, you must have a functioning VPN client and network access". I then go to the Cisco download center to download and install Secure Client but I am given an error stating that I can't download Secure Client because I do not have a service agreement with Cisco. This is true because I am not affiliated with any organization; I am just a lowly person trying to go solo and and get my DevNet Associate certification.

Since I am unable to use Secure Client, Cisco alternatively recommends OpenConnect as a VPN. I then download and install OpenConnect. I then go to read the email that was sent to me when I launched the Sandbox environment, and the email states, "Good News! Your Open NX-OS Programmability AlwaysOn is ready. Please visit your topology page and goto the "Quick Access" tab to retrieve your access details". I then go to the "Quick Access" tab in the Sandbox environment per the email and I see that the host is "[https]sbx-nxos-mgmt.cisco[dotcom]".

I open OpenConnect GUI for Windows, and create a new profile. for the server I enter "[https]sbx-nxos-mgmt.cisco[dotcom]" and hit Save & Connect. However the attempted connection fails and I am never prompted to enter the credentials. The OpenConnect log shows the following:

2024-11-16 13:49:55 | 12f8 | POST [https]sbx-nxos-mgmt.cisco[dotcom]
2024-11-16 13:49:55 | 12f8 | Connected to 131.226.217.151:443
2024-11-16 13:49:55 | 12f8 | There was a non-CA certificate in the trusted list: CN=USB\\VID_2982&PID_1967&MI_00 (libwdi autogenerated).
2024-11-16 13:49:55 | 12f8 | There was a non-CA certificate in the trusted list: OU=Copyright (c) 1997 Microsoft Corp.,OU=Microsoft Corporation,CN=Microsoft Root Authority.
2024-11-16 13:49:55 | 12f8 | There was a non-CA certificate in the trusted list: C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority.
2024-11-16 13:49:55 | 12f8 | There was a non-CA certificate in the trusted list: CN=Root Agency.
2024-11-16 13:49:55 | 12f8 | SSL negotiation with sbx-nxos-mgmt.cisco.com
2024-11-16 13:49:55 | 12f8 | Server certificate verify failed: certificate expired
2024-11-16 13:49:55 | 12f8 | Connected to HTTPS on sbx-nxos-mgmt.cisco.com with ciphersuite (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA512)-(AES-256-GCM)
2024-11-16 13:49:55 | 12f8 | Got HTTP response: HTTP/1.1 401 Unauthorized
2024-11-16 13:49:55 | 12f8 | Server 'sbx-nxos-mgmt.cisco.com' requested Basic authentication which is disabled by default
2024-11-16 13:49:55 | 12f8 | GET [https]sbx-nxos-mgmt.cisco[dotcom]
2024-11-16 13:49:55 | 12f8 | Connected to 131.226.217.151:443
2024-11-16 13:49:55 | 12f8 | SSL negotiation with sbx-nxos-mgmt.cisco.com
2024-11-16 13:49:55 | 12f8 | Server certificate verify failed: certificate expired
2024-11-16 13:49:55 | 12f8 | Connected to HTTPS on sbx-nxos-mgmt.cisco.com with ciphersuite (TLS1.2)-(ECDHE-SECP384R1)-(RSA-SHA512)-(AES-256-GCM)
2024-11-16 13:49:56 | 12f8 | Got HTTP response: HTTP/1.1 401 Unauthorized
2024-11-16 13:49:56 | 12f8 | No more authentication methods to try
2024-11-16 13:49:56 | 12f8 | Authentication error; cannot obtain cookie
2024-11-16 13:49:56 | 44a4 | Disconnected

In short, I am at a brick wall with my certification process. I do not have access to Cisco Secure Client, nor is OpenConnect allowing me to connect to the Sandbox environment. I am not a member of an organization that is involved with network automation, nor do I have any colleagues or friends in the field that I could tap for assistance. I can't find assistance from YouTube, forums, or AI that is related to what I am trying to do unfortunately. If anybody, anyone could please help me get some form of assistance establishing a VPN connection to the DevNet Sandbox environment I would be way more than super appreciative! 

1 person had this problem
Labels:
0 Helpful
4 Replies 4

ecorban
Cisco Employee
Cisco Employee

‎11-16-2024 12:50 PM

hello. please check the instructions for the Always On lab. You should not require an vpn connection to an Always On sandbox.  You should have received an email with the following information:

 

Your Open NX-OS Programmability AlwaysOn is ready. Please visit your topology page and goto the "Quick Access" tab to retrieve your access details .

Thanks,
Cisco DevNet Sandbox Team

 

Here is a screenshot of the information you require to access this sandbox: (This screenshot is taken from the instructions panel on the right hand side of the Open NX-OS Programmability Sandbox Always On Sandbox)

 

Screenshot 2024-11-16 at 20.45.45.png

 

0 Helpful

alfgarva
Level 1
Level 1

‎01-27-2025 05:18 PM

I couldn´t connect it.

Please help

0 Helpful

ecorban
Cisco Employee
Cisco Employee
In response to alfgarva

‎01-28-2025 02:35 AM

Hello,

you do not need an vpn connection to connect to the Always On lab. Open connect is an alternate software you could use to connect to sandbox if you dont have an licensed version of the Anyconnect. 

0 Helpful

alfgarva
Level 1
Level 1

‎01-27-2025 05:19 PM

How can I download AnyConnect

0 Helpful
Customers Also Viewed These Support Documents