cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

2210
Views
0
Helpful
5
Replies
ciscojoe837
Beginner

SSL VPN

I can't seem to get the SSL VPN working on the UC540W.  It was working then it disappeared.  Basicaly the webvpn.html page never comes up and I just get a blank page in IE.  I can telnet to the unit so I know the port is open and can get to it.

Looking for suggestions on this one.  Specifically any files I might be missing on the flash drive or any command line entries I might be missing that CCA did not apply.

Thanks.

5 REPLIES 5
greenturtlesteak
Participant

What version of IOS are you using? I seem to remember there being some problems with SSL VPN in 15.1(2)T2.

I had a problem earlier this year with the SSL VPN on our UC540. When I turned on debugging for http ssl I would receive ssl handshake errors. I had to create a new trustpoint and generate a new certificate to fix the problem.

Try doing show crypto ca cert to check the validity of your certificate.

Cole

I have the latest IOS from the latest SWP and it's been going on for at least one or two others, so I don't think that is it.

I dont' think the certificate would prevent me from hitting the page.  I checked ther cert anyway and it's valid.  I always get IE can't display the page. 

I checked another UC box and it was doing the same thing.  The certificate showed valid as well.  I put the debug on and it did show a couple of errors but I couldn't determine where the problem was from the description.

I decided to create a new self-signing cert anyway just to see what would happen, and that worked.

Thanks for pointing that out.

Hi,

If you don't see the page at all, then it may be a certificate issue.  To verify this, run the following debugs and try browsing to the UC540?

-  debug crypto pki trans

-  debug crypto pki mess

-  debug ssl openssl error

Check for something along the lines of the following:

000298: Apr 28 18:46:04.699: CRYPTO_PKI: Can not select private key

000299: Apr 28 18:46:04.699: CRYPTO_OPSSL: Can't find router private key

If you see that, then rebuilding and re-enrolling the trustpoint should work.

Thanks,

Brandon

Yes, I did run the debug in the previous post and got those type of errors.  The debugs may have been slightly different, but enough to show there was a problem.

Actually, I ended up creating a certificate from a CA so I wouldn't get browser warning messages that happen when you use a self-signed cert.  That worked as well.