07-28-2010 07:26 PM
Hi All,
I've configured SSL/web VPN on a Cisco 1941, however when I try to connect no page displays. It simply just times out...
We are running a Cisco 1941 + Security... IOS = Version 15.0(1)M2 (c1900-universalk9-mz.SPA.150-1.M2.bin)
Running config displayed at the bottom..
Could anyone shed some light on this issue, please? I've dropped very similar config on other routers and it works fine, just not the 1941. :|
Something which seems a bit odd is that directly after a reboot it thinks that the Licenses are in use.. ? or am I reading this wrong.. ?
sh license
Index 4 Feature: SSL_VPN
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Count: 10/10/0 (Active/In-use/Violation)
License Priority: Medium
Running Config Below...
version 15.0
service timestamps debug uptime
service timestamps log datetime localtime
no service password-encryption
!
hostname rtr01-xxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 64000 informational
enable secret 5 xxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain name xxxxxx
ip name-server 202.xxx.xx.4
ip name-server 202.xxx.xx.3
ip name-server 202.xxx.xx.3
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-3909085777
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3909085777
revocation-check none
rsakeypair TP-self-signed-3909085777
!
!
crypto pki certificate chain TP-self-signed-3909085777
certificate self-signed 01
30820260 308201C9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
CUT
401FEC7A 4BD5E4E3 4415FB25 9F528898 34885BF2 08FD93E1 C48B7B96 38E1C461 8C5EBBEE
quit
!
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description IW R5K Uplink to Core 10Mb/10Mb
ip address 202.xxx.xx.xxx 255.255.255.252 secondary
ip address 202.xxx.xx.xxx 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
description LAN GW 192.168.1.0/24$ES_LAN$
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/1
!
!
ip local pool SSLDHCP 192.168.2.10 192.168.2.50
ip default-gateway 202.xxx.xxx.xxx
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.1 993 interface GigabitEthernet0/0 993
ip nat inside source static tcp 192.168.1.100 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 192.168.1.1 4125 interface GigabitEthernet0/0 4125
ip nat inside source static udp 192.168.1.253 5000 interface GigabitEthernet0/0 5000
ip nat inside source static tcp 192.168.1.1 2147 interface GigabitEthernet0/0 2147
ip nat inside source static tcp 192.168.1.1 2146 interface GigabitEthernet0/0 2146
ip nat inside source static tcp 192.168.1.253 5000 interface GigabitEthernet0/0 5000
ip nat inside source static tcp 192.168.1.1 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 192.168.1.1 2145 interface GigabitEthernet0/0 2145
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
snmp-server community xxxxx RO
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
scheduler allocate 20000 1000
!
webvpn gateway gateway_1
ip address 202.xxx.xxx.xxx port 443
http-redirect port 80
ssl trustpoint TP-self-signed-3909085777
inservice
!
webvpn install svc flash0:/webvpn/sslclient-win-1.1.4.179-anyconnect.pkg sequence 1
!
webvpn context RCSSLVPN
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
!
!
policy group policy_1
functions svc-enabled
svc address-pool "SSLDHCP"
svc keep-client-installed
virtual-template 1
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_1
gateway gateway_1
max-users 10
inservice
!
end
07-29-2010 01:28 AM
Can you try removing the virtual template command from the webvpn config? Also, if that doesn't help, try changing the webvpn port to something else (e.g. 4443).
07-29-2010 04:20 AM
Hi Rahgovin,
Thanks for the response. I removed the license, rebooted, re-installed the license, rebooted again, and now it's working just fine. A little odd, but it's working, so all good.
Have a good one