Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
680
Views
0
Helpful
4
Replies

Can't get WebVpn full SSL client to work

nboulet
Level 1
Level 1

‎11-01-2006 04:49 PM - edited ‎03-09-2019 04:44 PM

Hello,

I just get a new 1812 router and i wanna try the full SSL client. I upgrade IOS to 12.4.9T1, get last SDM and last vpn ssl package.

I follow the wizard on SDM to configure a simple webvpn on my outside network.

I can connect to the portal with my creditentials, and the ssl client install itself. It write warnings about certificates. But at last, i always got a message window "http return code error, contact your network admin". And on event viewer i have some errors with STCAgent (one is HTTP response code from the gateway is 401 , unautorized....).

I try on 2 different PC's with XP PRO SP2.

What else to try ??

Thanks

Labels:
0 Helpful
4 Replies 4

frkainvid
Level 1
Level 1

‎01-20-2007 02:43 AM

Hi,

I am getting the exact same error. Below is my webvpn configuration:

webvpn gateway guest

ip address 10.100.1.254 port 443

http-redirect port 80

ssl trustpoint TP-self-signed-927014488

inservice

!

webvpn install svc flash:/webvpn/svc.pkg

!

webvpn install csd flash:/webvpn/sdesktop.pkg

!

webvpn context guest

title-color #669999

secondary-color white

text-color black

ssl authenticate verify all

!

!

policy group fullclient

functions svc-required

hide-url-bar

svc address-pool "vpn-pool"

svc rekey method new-tunnel

svc dns-server primary 10.100.2.8

default-group-policy fullclient

aaa authentication list default

gateway guest

inservice

!

Have you solved your problem?

//F

0 Helpful

putimir
Level 1
Level 1
In response to frkainvid

‎03-25-2007 10:59 PM

Same here (using C871W, svc version 1,1,2,169).

I'm getting these errors (in succesion) in WinXP app log:

1. Source: STCAgent, ID: 20

2. Source: STCAgent, ID: 1 (Something about RasEnumEntries functio)

3. Source: STCAgent, ID: 1 (GetRasEntryName

4. Source: STCAgent, ID: 10 (HTTP response code from gateway is 401)

5. Source: STCAgent, ID: 2 (Termination reason code 28)

6. Source: STCAgent, ID: 1 (STCCONFIG_ERROR_HTTP_ERROR_RESPONSE)

7. Source: STCAgent, ID: 1 (SSL_ERROR_PARSE_FAILED)

8. Source: STCAgent, ID: (SSL_ERROR_INVALID_STATE)

There is nothing conclusive if I "debug webvpn"....

Anyone?

0 Helpful

putimir
Level 1
Level 1
In response to putimir

‎03-30-2007 01:02 AM

Edit: i found these messages when I did deb webvpn tunnel:

DEBUG,42455: WV-TUNL: Tunnel CSTP Version recv use 1

DEBUG,42456: WV-TUNL: Allocating tunl_info

DEBUG,42457: WV-TUNL: Allocating stc_config

DEBUG,42458: WV-TUNL: Allocating address 192.168.10.54 from local pool

DEBUG,42459: WV-TUNL: Cannot find IDB for IP address 192.168.10.54 in table 0

DEBUG,42461: WV-TUNL: Returning address 192.168.10.54 to pool

DEBUG,42462: WV-TUNL: Failed to config IP addr (192.168.10.54) to VRF Table (0)

DEBUG,42463: HTTP/1.1 401 Unauthorized

DEBUG,42470: WV-TUNL: Tunnel context (0x83764EA0) is removed from session (0x8378A4A0)

DEBUG,42471: WV-TUNL: Deallocating tunnel info 0x84034640

Anyone has an idea?

0 Helpful

putimir
Level 1
Level 1

‎03-30-2007 01:18 AM

Just figured it out (at least for me)!:

I was missing a loopback interface with an IP in the same subnet as the webvpn address pool!!!

0 Helpful
Customers Also Viewed These Support Documents