Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1502
Views
0
Helpful
11
Replies

SSL VPN Anyconnect

Peter Miller
Level 1
Level 1

‎10-03-2015 09:02 PM - edited ‎02-21-2020 08:29 PM

Hey all I am attempting to get an SSL-VPN working for my home router and not getting much success.  When I attempt to connect it errors saying, No valid certificates available for authentication.  Attached is my config and version information for review.  Any help would be a tremendous help.

Thank you,
Andy

Labels:
Preview file
7 KB
Preview file
11 KB
0 Helpful
11 Replies 11

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-04-2015 06:26 AM

You have an authentication list defined:

aaa authentication login ciscocp_vpn_xauth_ml_1 local

Now you need to call it out in the webvpn context section:

aaa authentication list ciscocp_vpn_xauth_ml_1

See this guide (specifically section 4.3) for more details.

0 Helpful

Peter Miller
Level 1
Level 1
In response to Marvin Rhoads

‎10-05-2015 10:57 AM

Hey Marvin,

I have changed it to aaa authentication login ssl_global local and applied still no change the web context to aaa authentication login ssl_global and still the same results.  I am afraid I am missing something.

0 Helpful

pjain2
Cisco Employee
Cisco Employee
In response to Peter Miller

‎10-05-2015 10:26 PM

did you do "no inservice" under the webvpn gateway and the policy and then try again; also the cert that you are using, can you try and generate it using a 2048 RSA key pair and check if that works for you

0 Helpful

Peter Miller
Level 1
Level 1
In response to pjain2

‎10-06-2015 12:33 AM

I put both the gateway and the policy out of service with the no inservice command and regenerated my RSA cert and still no success.

0 Helpful

pjain2
Cisco Employee
Cisco Employee
In response to Peter Miller

‎10-06-2015 01:04 AM

can you send the below output:

debug crypto pki transactions

debug crypto pki messages

debug crypto validation

 

0 Helpful

Peter Miller
Level 1
Level 1
In response to pjain2

‎10-06-2015 07:50 AM

I turned on those debugs and attempted several connections and still nothing.  I turned on term mon as I am over SSH.  Am I missing something or am I not even triggering these events?

0 Helpful

pjain2
Cisco Employee
Cisco Employee
In response to Peter Miller

‎10-06-2015 05:26 PM

can you try accessing the url from the browser and see what happens.

also please add the following config:

webvpn gateway SSL-VPN-GW

 ip address <> port 443 
0 Helpful

Peter Miller
Level 1
Level 1
In response to pjain2

‎10-06-2015 09:55 PM

I added that line to the webvpn gateway and still nothing from normal methods.  I also do not have a working URL setup for this.

0 Helpful

pjain2
Cisco Employee
Cisco Employee
In response to Peter Miller

‎10-06-2015 11:15 PM

you just have to access the router from the browser using the ip address:

https://<ip address>

0 Helpful

Peter Miller
Level 1
Level 1
In response to pjain2

‎10-07-2015 07:34 AM

When I did that, I get a usual chrome screen showing its a cert site and then I accept it and get this:

 

No data received

ERR_EMPTY_RESPONSE
0 Helpful

pjain2
Cisco Employee
Cisco Employee
In response to Peter Miller

‎10-07-2015 05:19 PM

can you try the same from internet explorer and see what happens

0 Helpful
Customers Also Viewed These Support Documents