01-31-2021 01:58 PM - edited 07-05-2021 01:08 PM
Hi, I have IPSec remote access VPN setup on Mikrotik router. I am not able to reach WLC/ME web interface through browser. I have no problem to open any website HTTP/HTTPS when connected to VPN, only web management of WLC is an issue, SSH CLI works fine. I have no problem accessing web GUI on LAN, my PC and WLC management are in different VLANs. After entering https://ip to my browser, it asks me whether I trust certificate, I click yes and it loads to infinite. I tried different browsers too. I did a PCAP on client and also on router, there are duplicate ACKs and retransmits, also ICMP fragmentation needed messages. No split tunneling si set, MSS is adjusted on forward traffic to 1000, firewall is setup correctly as PC in VPN get same IP/subnet as in LAN also router is not overloaded. I think it can be connected with MTU/MSS. Access points 1815i were updated twice to 8.10.130 and now 8.10.142. Thank you for any relevant ideas.
Solved! Go to Solution.
02-06-2021 11:10 PM
02-01-2021 12:19 PM
Ok, https session is not loading, did you try opening http session?
Does WLC has proper clock settings?
If the certificate is self-signed, then i would recommend to regenerate and retry
02-02-2021 11:50 AM
02-02-2021 11:56 AM
Did you try http instead of https?
02-02-2021 12:43 PM
02-04-2021 01:41 AM
You can verify the MTU issue by pinging with the "do-not-fragment" bit set. All ping clients should have this option. Also try a different browser, might be a policy or cache issue on the local client.
02-06-2021 11:10 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide