01-23-2018 07:57 AM - edited 03-12-2019 04:56 AM
I configured my router to use the SSL VPN (WEBVPN), but when I try to access it, the router gives the message "wrong redirect error page" for https://138.121.245.87/webvpn.html. My question is whether I made a wrong configuration or whether it's a bug in the router. The router logs follow.
Cisco CISCO1905/K9 (revision 1.0) with 229376K/32768K bytes of memory.
Processor board ID FTX160981M9
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
250864K bytes of USB Flash usbflash0 (Read/Write)
Router#sh webvpn license
Max platform license count : 75
Available license count : 75
Reserved license count : 75
In-use count : 0
Digiage_Router#sh webvpn gateway DigiageGateway
Admin Status: up
Operation Status: up
Error and Event Logging: Enabled
IP: 138.121.245.87, port: 443
HTTP Redirect port: 80
SSL Trustpoint: SSLVPN_CERT
FVRF Name not configured
Digiage_Router#sh webvpn context DigiagaVPN
Admin Status: up
Operation Status: up
Error and Event Logging: Disabled
CSD Status: Disabled
Certificate authentication type: All attributes (like CRL) are verified
AAA Authentication List: webssl
AAA Authorization List not configured
AAA Accounting List not configured
AAA Authentication Domain not configured
Authentication mode: AAA authentication
Default Group Policy: SSLPolicy
Associated WebVPN Gateway: DigiageGateway
Domain Name and Virtual Host not configured
Maximum Users Allowed: 20
NAT Address not configured
VRF Name not configured
Virtual Template not configured
Digiage_Router#sh webvpn policy group SSLPolicy context all
WEBVPN: group policy = SSLPolicy ; context = DigiagaVPN
banner = "Welcome to Digiage's SSL VPN Services"
url list name = "WebServers"
idle timeout = 2100 sec
session timeout = Disabled
functions =
svc-enabled
citrix disabled
address pool name = "SSLPool"
netmask = 255.255.255.0
dpd client timeout = 300 sec
dpd gateway timeout = 300 sec
keepalive interval = 30 sec
SSLVPN Full Tunnel mtu size = 1406 bytes
keep sslvpn client installed = enabled
rekey interval = 3600 sec
rekey method =
lease duration = 43200 sec
DNS primary server = 8.8.8.8
Digiage_Router#sh crypto pki certificates
Router Self-Signed Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: General Purpose
Issuer:
serialNumber=FTX160981M9+hostname=Digiage_Router.digiage
Subject:
Name: Digiage_Router.digiage
Serial Number: FTX160981M9
serialNumber=FTX160981M9+hostname=Digiage_Router.digiage
Validity Date:
start date: 23:11:05 BRV Jan 22 2018
end date: 22:00:00 BRV Dec 31 2019
Associated Trustpoints: SSLVPN_CERT
Storage: nvram:FTX160981M9h#1.cer
webvpn install svc usbflash0:/webvpn/anyconnect-win-3.1.14018-k9.pkg sequence 1
I already have AnyConnect installed on my PC; when I try to bring up the VPN, it gives the following error:
23/01/2018
08:29:53 Ready to connect.
10:42:25 Contacting 138.121.245.87.
10:42:42 Connection attempt has failed.
10:42:42 Unable to contact 138.121.245.87.
The router logs follow:
Jan 23 12:22:19.584: WV: Client side Chunk data written..
buffer=0x2A7357B0 total_len=193 bytes=193 tcb=0x2AD0662C
Jan 23 12:22:19.584: WV: sslvpn process rcvd context queue event
Jan 23 12:22:19.584: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: DigiageGateway i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 189.16.36.66:57469
Jan 23 12:22:19.728: WV: sslvpn process rcvd context queue event
Jan 23 12:22:19.728: WV: Entering APPL with Context: 0x2A723B50,
Data buffer(buffer: 0x2A7357F0, data: 0xE19C358, len: 1,
offset: 0, domain: 0)
Jan 23 12:22:19.728: WV: Fragmented App data - buffered
Jan 23 12:22:19.728: WV: Entering APPL with Context: 0x2A723B50,
Data buffer(buffer: 0x2A7357D0, data: 0xE19DFD8, len: 424,
offset: 0, domain: 0)
Jan 23 12:22:19.728: WV: http request: with no cookie
Jan 23 12:22:19.728: WV: validated_tp : cert_username : matched_ctx :
Jan 23 12:22:19.728: WV: failed to get sslvpn appinfo from opssl
Jan 23 12:22:24.728: WV: Client side Chunk data written..
buffer=0x2A7357B0 total_len=193 bytes=193 tcb=0x2AD0662C
Jan 23 12:22:24.728: WV: sslvpn process rcvd context queue event
Jan 23 12:24:19.917: WV: sslvpn process rcvd context queue event
Jan 23 12:24:19.917: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: DigiagaVPN vw_gw: DigiageGateway i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 189.16.36.66:62678
Jan 23 12:31:14.666: WV: sslvpn process rcvd context queue event
Jan 23 12:35:10.239: WV: sslvpn process rcvd context queue event
Jan 23 12:36:18.439: WV: sslvpn process rcvd context queue event
Jan 23 12:36:33.871: WV: sslvpn process rcvd context queue event
Jan 23 12:36:53.835: WV: sslvpn process rcvd context queue event
Jan 23 12:38:30.103: WV: sslvpn process rcvd context queue event
Jan 23 12:38:49.159: WV: sslvpn process rcvd context queue event
Jan 23 12:40:34.284: WV: sslvpn process rcvd context queue event
Jan 23 12:40:54.372: WV: sslvpn process rcvd context queue event
Jan 23 12:42:43.692: WV: sslvpn process rcvd context queue event
SSL VPN configuration:
aaa new-model
!
!
aaa authentication login webssl local
!
ip local pool SSLPool 172.24.25.150 172.24.25.200
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint SSLVPN_CERT
enrollment selfsigned
serial-number
revocation-check crl
rsakeypair SSL_KEYPAIR
!
webvpn gateway DigiageGateway
ip address 138.121.245.87 port 443
http-redirect port 80
ssl trustpoint SSLVPN_CERT
logging enable
inservice
!
webvpn install svc usbflash0:/webvpn/anyconnect-win-3.1.14018-k9.pkg sequence 1
!
webvpn context DigiagaVPN
ssl authenticate verify all
!
url-list "WebServers"
heading "Intranet Websites"
url-text "FTPServer"
url-value "ftp://172.24.25.54"
url-text "AbcServer"
url-value "http://172.24.25.26"
!
!
policy group SSLPolicy
url-list "WebServers"
functions svc-enabled
banner "Welcome to Digiage's SSL VPN Services"
svc address-pool "SSLPool" netmask 255.255.255.0
svc keep-client-installed
svc dns-server primary 8.8.8.8
default-group-policy SSLPolicy
aaa authentication list webssl
gateway DigiageGateway
max-users 20
inservice