I can't seem to get the SSL VPN working on the UC540W. It was working then it disappeared. Basically the webvpn.html page never comes up and I just get a blank page in IE. I can telnet to the unit so I know the port is open and can get to it.
Looking for suggestions on this one. Specifically any files I might be missing on the flash drive or any command line entries I might be missing that CCA did not apply.
What version of IOS are you using? I seem to remember there being some problems with SSL VPN in 15.1(2)T2.
I had a problem earlier this year with the SSL VPN on our UC540. When I turned on debugging for http ssl I would receive ssl handshake errors. I had to create a new trustpoint and generate a new certificate to fix the problem.
Try doing show crypto ca cert to check the validity of your certificate.
I have the latest IOS from the latest SWP and it's been going on for at least one or two others, so I don't think that is it.
I don't think the certificate would prevent me from hitting the page. I checked the cert anyway and it's valid. I always get IE can't display the page.
I checked another UC box and it was doing the same thing. The certificate showed valid as well. I put the debug on and it did show a couple of errors but I couldn't determine where the problem was from the description.
I decided to create a new self-signing cert anyway just to see what would happen, and that worked.
Thanks for pointing that out.
If you don't see the page at all, then it may be a certificate issue. To verify this, run the following debugs and try browsing to the UC540.
- debug crypto pki trans
- debug crypto pki mess
- debug ssl openssl error
Check for something along the lines of the following:
000298: Apr 28 18:46:04.699: CRYPTO_PKI: Can not select private key
000299: Apr 28 18:46:04.699: CRYPTO_OPSSL: Can't find router private key
If you see that, then rebuilding and re-enrolling the trustpoint should work.
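For anyone triaging a longer debug capture, here is an added example (not part of the original thread or any Cisco tooling) that scans saved IOS debug output for the two private-key messages quoted in the post above. The function names, the sample text and the assumed line layout (optional sequence number, optional `*` clock marker, `Mon DD HH:MM:SS.mmm` timestamp) are assumptions made for illustration.

```python
import re
from collections import Counter, namedtuple

# The two messages quoted in the post above. Matching is case-insensitive and
# tolerates "Can not"/"Cannot" and "Can't"/"Cant" spelling differences.
KEY_FAILURE_PATTERNS = [
    re.compile(r"can\s?not select private key", re.I),
    re.compile(r"can'?t find router private key", re.I),
]

# Assumed layout: [seq: ][*|.]Mon DD HH:MM:SS[.mmm]: FACILITY: message
LINE_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?[*.]?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?):\s+"
    r"(?P<facility>[A-Z0-9_]+):\s+(?P<msg>.*)$"
)

Hit = namedtuple("Hit", "seq timestamp facility message")


def find_private_key_failures(debug_text):
    """Return a Hit for every debug line reporting a missing private key."""
    hits = []
    for raw in debug_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # not a timestamped debug line (banner, prompt, blank)
        if any(p.search(m["msg"]) for p in KEY_FAILURE_PATTERNS):
            hits.append(Hit(m["seq"], m["ts"], m["facility"], m["msg"]))
    return hits


def summarize(hits):
    """Count hits per facility, to see whether PKI and SSL both complain."""
    return dict(Counter(h.facility for h in hits))


# Constructed sample: lines 2-3 are the ones quoted in the thread; the first
# and last lines are made up to exercise the parser.
SAMPLE = """\
000297: Apr 28 18:46:04.100: EXAMPLE_FAC: constructed unrelated line
000298: Apr 28 18:46:04.699: CRYPTO_PKI: Can not select private key
000299: Apr 28 18:46:04.699: CRYPTO_OPSSL: Can't find router private key
*Apr 28 18:46:05.000: CRYPTO_PKI: Can not select private key
"""

if __name__ == "__main__":
    for hit in find_private_key_failures(SAMPLE):
        print(hit.timestamp, hit.facility, hit.message)
    print(summarize(find_private_key_failures(SAMPLE)))
```

Any hit corresponds to the condition the post describes, where the certificate can look valid while the key pair behind the trustpoint is unusable.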
Yes, I did run the debug in the previous post and got those types of errors. The debugs may have been slightly different, but enough to show there was a problem.
Actually, I ended up creating a certificate from a CA so I wouldn't get browser warning messages that happen when you use a self-signed cert. That worked as well.