Thinking Workshop”. Cisco Small Business is excited to invite its
Silicon Valley customers to an exclusive interactive one-day session
customers and product Managers. If you are interested in this
workshop, please fill out the Registration
For more information, please check out our FAQ
Get the latest new and information the November issue of the Cisco Small Business Monthly Newsletter
I can't seem to get the SSL VPN working on the UC540W. It was working then it disappeared. Basicaly the webvpn.html page never comes up and I just get a blank page in IE. I can telnet to the unit so I know the port is open and can get to it.
Looking for suggestions on this one. Specifically any files I might be missing on the flash drive or any command line entries I might be missing that CCA did not apply.
What version of IOS are you using? I seem to remember there being some problems with SSL VPN in 15.1(2)T2.
I had a problem earlier this year with the SSL VPN on our UC540. When I turned on debugging for http ssl I would receive ssl handshake errors. I had to create a new trustpoint and generate a new certificate to fix the problem.
Try doing show crypto ca cert to check the validity of your certificate.
I have the latest IOS from the latest SWP and it's been going on for at least one or two others, so I don't think that is it.
I dont' think the certificate would prevent me from hitting the page. I checked ther cert anyway and it's valid. I always get IE can't display the page.
I checked another UC box and it was doing the same thing. The certificate showed valid as well. I put the debug on and it did show a couple of errors but I couldn't determine where the problem was from the description.
I decided to create a new self-signing cert anyway just to see what would happen, and that worked.
Thanks for pointing that out.
If you don't see the page at all, then it may be a certificate issue. To verify this, run the following debugs and try browsing to the UC540?
- debug crypto pki trans
- debug crypto pki mess
- debug ssl openssl error
Check for something along the lines of the following:
000298: Apr 28 18:46:04.699: CRYPTO_PKI: Can not select private key
000299: Apr 28 18:46:04.699: CRYPTO_OPSSL: Can't find router private key
If you see that, then rebuilding and re-enrolling the trustpoint should work.
Yes, I did run the debug in the previous post and got those type of errors. The debugs may have been slightly different, but enough to show there was a problem.
Actually, I ended up creating a certificate from a CA so I wouldn't get browser warning messages that happen when you use a self-signed cert. That worked as well.