cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
516
Views
0
Helpful
9
Replies
JohnAJ
Beginner

Cisco 9115AXI EWC cannot access to WebUI remotely

Hi all, 

 

I have an issue with my Cisco 9115AXI EWC where I can't access via WebUI. I have enable the http and http-secure server as well but failed.

I have saw the traffic that pass through the firewall (Palo Alto), it shows that the application incomplete and status is aged-out. There is no blocking in the firewall since all the traffic is allow for this IP management segment for the EWC.

 

Anyone facing this issue before and give suggestion, if any? 

9 REPLIES 9
marce1000
VIP Advisor

 

 - Does it work from a local-perspective, the palo alto message is for instance discussed in this thread :

                  https://live.paloaltonetworks.com/t5/general-topics/aged-out-in-allowed-traffic-logs/td-p/295534

 M.

Hi marce1000, 

 

what i understand on the article, means the traffic going to the EWC WebUI is using different route, then when it comes back, it using other route?

 

But I dont think thats the issue since we have also switches and routers there, and if I am trying accessing their WebUI, somehow, it success.

 

I was thinking its the bug on the version, I have downgrade and upgrade as well to the latest version, however, still not solve the problem.

 

Any suggestion where I can check? 

Are you able to access the WebUI from a local subnet or even from the same subnet? Validate if that is working first or not.
-Scott
*** Please rate helpful posts ***

Hi Scott, 

 

Yes, I am able to access from same subnet.

 

 

Then there is nothing wrong with from what I can tell. If you can access the WebUI from another vlan that doesn’t hit your FW just you L3, then you know that the WebUI is functioning and must be your infrastructure.
-Scott
*** Please rate helpful posts ***

 

  - What error do you get ? Also can you then ping the 9115 (e.g.)

 M.

Hi Marce1000, 

 

There is no error I get from the browser, its just that keep loading and display at below "Waiting for 10.62.31.254"

 

I can ping without any ping drop and able to SSH remotely on the same PC that I use to access the WebUI.

 

 

 

 - Make sure that no local rules such as ACL or other prevent this remote access WebUI access. In that respect, using SSH check the device logs when this is attempted. Also try wget to fetch the page , and turn on debugging , this may give more insights (too).

                          https://linux.die.net/man/1/wget

  M.

 

Can you ping the EWC remotely? (in other words does it have a route back to the remote user?)

Content for Community-Ad