12-02-2012 09:36 AM
I'm a bit stuck with my WebVPN weekend project. I've configured a WebVPN on my Cisco 1841 router using the command line but for some reason when I try to access the web portal I keep getting the 404 error. I tried reconfiguring it with Cisco CP but still no luck. Could someone point me in the right direction as to where the failure is in my configuration? I have used the CCNA Security book as a guide.
Vauxhall_Cross#sh run
Building configuration...
Current configuration : 3674 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Vauxhall_Cross
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ZIm.$daY/Jq7JsIZrjcyYSyxiK0
!
aaa new-model
!
!
aaa authentication login sslvpn local
!
!
aaa session-id common
dot11 syslog
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-4132939895
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4132939895
revocation-check none
rsakeypair TP-self-signed-4132939895
!
!
crypto pki certificate chain TP-self-signed-4132939895
certificate self-signed 01
quit
!
!
username drury secret 5 $1$Egaq$sjGRXhPMNduHUkuMXaXjC/
username webtest secret 5 $1$IEAw$HD7BkLEPnv4qVdUwJeML8/
archive
log config
hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
description $OUTSIDE$
ip address 192.168.99.2 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
description $INSIDE$
ip address 192.168.2.1 255.255.255.0
speed 100
full-duplex
!
router rip
network 192.168.2.0
network 192.168.99.0
!
ip local pool webvpn-pool 192.168.99.10 192.168.99.15
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.99.1
!
!
ip http server
ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 130.88.203.12 source FastEthernet0/0
!
webvpn gateway Cisco-WebVPN-Gateway
ip address <removed> port 443
ssl encryption rc4-md5
ssl trustpoint my-trustpoint
inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn context Cisco-WebVPN
title "idrury WebVPN - Powered By Cisco"
ssl authenticate verify all
!
url-list "rewrite"
!
acl "ssl-acl"
permit ip 192.168.99.0 255.255.255.0 192.168.99.0 255.255.255.0
!
login-message "Cisco Secure WebVPN"
!
policy group webvpnpolicy
functions svc-enabled
filter tunnel ssl-acl
svc address-pool "webvpn-pool"
svc rekey method new-tunnel
svc split include 192.168.99.0 255.255.255.0
default-group-policy webvpnpolicy
aaa authentication list sslvpn
gateway Cisco-WebVPN-Gateway
max-users 2
inservice
!
end
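An added example, not part of the original thread and not Cisco tooling: a small Python check that cross-references the names used in the webvpn sections of the running-config above against the names the config actually defines. The regex table and the function name are assumptions made for this sketch, and the sample input is constructed from the WebVPN-relevant lines of the posted config.

```python
import re

# Constructed sample: the WebVPN-relevant lines of the posted running-config
# (certificate body, interfaces and unrelated lines omitted).
SAMPLE_CONFIG = """\
aaa authentication login sslvpn local
crypto pki trustpoint TP-self-signed-4132939895
 enrollment selfsigned
ip local pool webvpn-pool 192.168.99.10 192.168.99.15
webvpn gateway Cisco-WebVPN-Gateway
 ssl trustpoint my-trustpoint
 inservice
webvpn context Cisco-WebVPN
 acl "ssl-acl"
 policy group webvpnpolicy
   filter tunnel ssl-acl
   svc address-pool "webvpn-pool"
 default-group-policy webvpnpolicy
 aaa authentication list sslvpn
 gateway Cisco-WebVPN-Gateway
"""

# Hypothetical rule table: (kind, regex defining a name, regex referencing it)
CHECKS = [
    ("trustpoint", r"^crypto pki trustpoint (\S+)", r"^ssl trustpoint (\S+)"),
    ("aaa login list", r"^aaa authentication login (\S+)", r"^aaa authentication list (\S+)"),
    ("address pool", r"^ip local pool (\S+)", r"^svc address-pool (\S+)"),
    ("webvpn gateway", r"^webvpn gateway (\S+)", r"^gateway (\S+)"),
    ("webvpn acl", r"^acl (\S+)", r"^filter tunnel (\S+)"),
    ("policy group", r"^policy group (\S+)", r"^default-group-policy (\S+)"),
]

def dangling_references(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    lines = [ln.strip() for ln in config.splitlines()]
    missing = set()
    for kind, define_re, refer_re in CHECKS:
        defined, referenced = set(), set()
        for ln in lines:
            for regex, bucket in ((define_re, defined), (refer_re, referenced)):
                m = re.match(regex, ln)
                if m:
                    bucket.add(m.group(1).strip('"'))
        missing.update((kind, name) for name in referenced - defined)
    return sorted(missing)

if __name__ == "__main__":
    for kind, name in dangling_references(SAMPLE_CONFIG):
        print(f"{kind} '{name}' is referenced but not defined")
```

Run against the posted config, it reports one dangling name: the gateway's "ssl trustpoint my-trustpoint" points at a trustpoint the config does not define; the only trustpoint present is TP-self-signed-4132939895.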
12-03-2012 06:46 AM
Anyone know?
Sent from Cisco Technical Support iPad App
12-04-2012 04:18 AM
Hi Douglas,
Can you please send me output of "show version" command.
Thanks.
***
Keep Smiling, Peace :)
***
12-04-2012 04:38 AM
Hi
Thanks for replying
Vauxhall_Cross#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 13-Aug-08 15:37 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Vauxhall_Cross uptime is 57 minutes
System returned to ROM by reload at 12:35:51 UTC Tue Dec 4 2012
System image file is "flash:c1841-advsecurityk9-mz.124-15.T7.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 1841 (revision 6.0) with 117760K/13312K bytes of memory.
Processor board ID FCZ110116JS
2 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
12-04-2012 05:01 AM
Hi,
In here,
webvpn gateway Cisco-WebVPN-Gateway
ip address
http-redirect port 80
ssl encryption rc4-md5
ssl trustpoint my-trustpoint
inservice
***
Keep Smiling, Peace
***
12-04-2012 05:16 AM
Hi
I've added in that extra line http-redirect port 80 but I'm still getting the 404 error.
12-04-2012 05:11 AM
and
policy group webvpnpolicy
functions svc-required
functions svc-enabled
filter tunnel ssl-acl
svc address-pool "webvpn-pool" netmask 255.255.255.0
svc rekey method new-tunnel
svc split include 192.168.99.0 255.255.255.0
default-group-policy webvpnpolicy
aaa authentication list sslvpn
gateway Cisco-WebVPN-Gateway
max-users 2
inservice
***
Keep Smiling, Peace
***
12-04-2012 05:29 AM
Hi
I've added the functions svc-required but it will not let me enter svc address-pool "webvpn-pool" netmask 255.255.255.0. Any ideas why?
Vauxhall_Cross(config-webvpn-group)#svc address-pool "webvpn-pool" netmask 255.255.255.0
% Invalid input detected at '^' marker.
Thanks
Douglas
12-04-2012 08:18 AM
Please send me output of show license all
Sent from Cisco Technical Support iPhone App
12-04-2012 08:27 AM
show license all isn't working. Marker point fails at C in license
Vauxhall_Cross#sh license all
% Invalid input detected at '^' marker.
12-04-2012 09:07 AM
Hi Douglas,
Kindly have a look at the link mentioned below:
Regards
Anim saxena
(Kindly rate helpful post)
12-04-2012 11:27 AM
Does that mean my 404 error is down to a licensing issue?
Thanks for the link by the way
Sent from Cisco Technical Support iPad App
12-04-2012 09:41 PM
Hi,
There is a big bug that causes Windows clients' browsers to report errors such as "The page isn't redirecting properly" when trying to connect to the SSL WebVPN Gateway. According to Cisco, this bug surfaces as a Windows machine gets updated with security update KB2585542. Cisco's workaround solution is to use the rc4-md5 encryption instead, as shown above.
Cisco has assigned bug ID: CSCtx38806 with the description "IOS SSL VPN fails to connect after microsoft security update KB258554".
Check if that security update is installed. If so, then kindly uninstall it:
Control Panel > All Control Panel Items > Programs and Features > View installed updates > Right clicked security update KB2585542 > Uninstall > Rebooted the machine
****************************
Keep Smiling, Peace
****************************
12-05-2012 02:06 AM
Hi
I've done what you suggested and uninstalled the KB updates but still I keep getting the 404 error. I've tried IE and Chrome where I'm prompted to login but it's not the portal. When I login that's when I get the 404 error. I've tested this on a Windows XP and Linux PC.
12-05-2012 02:09 AM
Hi,
Are you able to login when it prompts you for username and password after the site security certificate not trusted error?
Regards,
Gurpreet S Puri
********************
Keep Smiling, Peace :)
********************
(Please Rate Helpful Post)