12-09-2018 09:49 AM
Hi there
need some help in setting up anyconnect.
I am new to the cisco world and am right now having an nightmare in just getting the licenses needed to run vpn on my router RV345P.
I am now trying to get the licenses below but the CISCO helpdesk is a bit bitchy as they claim they are not on my name but on the sellers name, although I have PAK ID and password...
12-17-2018 08:47 AM
well... I use a default certificate that is linked to the SSL VPN I created.
I have added a new Certficate for the FQPN as well as direct IP Address (although I have a dynaic IP on my WAN... in some point of time it would change)....
And I still ge that message about unsucceful domain name resolution (And still get the unsecure server...)
12-17-2018 10:51 AM
well... I use a default certificate that is linked to the SSL VPN I created.
I have added a new Certficate for the FQPN as well as direct IP Address (although I have a dynaic IP on my WAN... in some point of time it would change)....
And I still ge that message about unsucceful domain name resolution (And still get the unsecure server...)
12-17-2018 10:52 AM
well... I use a default certificate that is linked to the SSL VPN I created.
I have added a new Certficate for the FQPN as well as direct IP Address (although I have a dynamic IP on my WAN... in some point of time it would change)....
And I still ge that message about unsucceful domain name resolution which prevents access to my network (And still get the unsecure server message..)
12-18-2018 11:42 PM - edited 12-18-2018 11:57 PM
anyone who could help me?
i have by now added the port xyz of the vpn to the anyconnect client, separated by a : and that works at least when remaining in the same network. i can log in with userid and pw.
when trying to access from outside using vpn i now get another message of failure 'the service provider in your current location is restricting access to the internet. you not to log on with the service provider before you can establish a vpn session. you can try this by visiting any website with your browser.'
while i am wirting this. obviously internet works... so what is the problem now??
12-18-2018 11:55 PM
Is there a proxy server between your client PC and the Internet?
12-18-2018 11:58 PM - edited 12-19-2018 12:05 AM
no, nothing in between. and while that message popos up i can continue to work on internet.
or lets put it that way. as i am using the mobile hotspot of my handy to simulate access from outside i assume there is no proxy
12-19-2018 12:22 AM
One of the directives of network troubleshooting is to assume nothing. haha
Seriously, your hotspot could be causing any number of issues in this scenario.
Can you ask anybody else to try accessing without going via hotspot? If you want to direct message me the address or FQDN I can try it.
12-19-2018 12:28 AM
hi Marvin
did get around that by disabling the captive portal detection in anyconnect.
now it works. i can log in and use my internal network. i can use .y dynamic dns or the wan ip to do so,
what i stil get with both access methods is the warning about the certificate not matching the server if you now how to pout that straight. but it does not prevent me from working on my net
and what i also get now is with each login an error message logged saying
2018-12-19T09:24:41+01:00 <notice>sslvpnd: pam_krb5(anyconnect-vpn:auth): authentication failure; logname=xyz uid=0 euid=0 tty= ruser= rhost=
is that a problem?
12-19-2018 02:11 AM
It appears your hotspot was essentially behaving like a captive portal. Glad you straightened that out.
Regarding the certificate, you are probably using self-signed. The client won't trust that. If it's just for testing or on-off I would live with it.
If you want to learn a bit about certificates then generate a Certificate Signing Request (CSR) on the router or using openssl or a free program like XCA. Be sure to use the DDNS FQDN as the common name. Then get it signed by a trusted CA (usually means paying a 3rd party like GoDaddy). Then install the resultant certificate on the router.
I don't know about the error message you are seeing. I work with ASAs mostly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide