0 Replies Latest reply: Mar 5, 2013 9:48 PM by Shyamraj

    SSL VPN connects but doesn't show the login screen

    Shyamraj

      Hi All,

       

      I tried setting up SSL VPN and here's the topology:

       

      [Image: topology.png]

       

      I set up the SSL VPN on the router and tried accessing it from the browser. It gives me the certificate error, which I accepted, but it doesn't show me the username and password login screen.

       

      However, on the router I do get this message: "Mar  6 11:11:34.443: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: MY-GATEWAY i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 192.168.1.10:62659"

       

      Here's the running config of R6:

       

      R6#show run

      Building configuration...

       

      Current configuration : 3204 bytes

      !

      ! Last configuration change at 11:13:07 UTC Wed Mar 6 2013

      ! NVRAM config last updated at 11:06:41 UTC Wed Mar 6 2013

      !

      version 12.4

      service timestamps debug datetime msec

      service timestamps log datetime msec

      no service password-encryption

      !

      hostname R6

      !

      boot-start-marker

      boot-end-marker

      !

      aaa new-model

      !

      aaa authentication login AUTH local

      !

      aaa session-id common

      memory-size iomem 5

      ip cef

      !

      no ip domain lookup

      ip domain name cisco.com

      ip host R6.cisco.com 192.168.1.2

      !

      multilink bundle-name authenticated

      !

      crypto pki trustpoint TP-self-signed-4279256517

      enrollment selfsigned

      subject-name cn=IOS-Self-Signed-Certificate-4279256517

      revocation-check none

      rsakeypair TP-self-signed-4279256517

      !

      !

      crypto pki certificate chain TP-self-signed-4279256517

      certificate self-signed 02

        30820244 308201AD A0030201 02020102 300D0609 2A864886 F70D0101 04050030

        31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

        69666963 6174652D 34323739 32353635 3137301E 170D3133 30333036 31313036

        34315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

        4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32373932

        35363531 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

        8100CF01 E9F5B241 9DB955CB 78678629 C66DAD79 AB269C37 272BD5B6 5643009E

        7441AE47 4428263A F24FBB28 14DD06DA ECB53644 233CE81C 988BDD6D 3180350E

        4C404489 C0F6641F E82BC289 B4F8B631 F157EBDC 00A7B2E9 51C3545D 087A208E

        9DFC845F 0E0618A3 6E14DADB 5B2C1A25 0330FC0E DCB8EA0B E99817D2 9ACA156B

        4BB90203 010001A3 6C306A30 0F060355 1D130101 FF040530 030101FF 30170603

        551D1104 10300E82 0C52362E 63697363 6F2E636F 6D301F06 03551D23 04183016

        8014FADB 7AA7E6E7 C43BD923 93E83061 7A4611C0 E59E301D 0603551D 0E041604

        14FADB7A A7E6E7C4 3BD92393 E830617A 4611C0E5 9E300D06 092A8648 86F70D01

        01040500 03818100 95023B76 9CB1EE29 A3F831B1 24799731 DC3EE534 75C30E20

        76396C48 F1444927 007ABB64 AA07BEFA D591C104 AFD95A99 23F4F386 7869842B

        7EEB8BFC C255D31A 3889612D E15D0C84 BE164ADC CD613EB1 0A39E311 33048FA7

        AEEB1B93 DFD4892D 574610DC 4CB3B59F BE425C95 AFC6450D 5466A02A 26E9D474

        868E55C2 77E51625

              quit

      !

      !

      username shyam password 0 cisco

      archive

      log config

        hidekeys

      !

      !

      !

      !

      !

      !

      !

      !

      interface FastEthernet0/0

      ip address 192.168.1.12 255.255.255.0

      duplex auto

      speed auto

      !

      interface FastEthernet0/1

      no ip address

      shutdown

      duplex auto

      speed auto

      !

      ip forward-protocol nd

      !

      !

      ip http server

      ip http secure-server

      !

      control-plane

      !

      line con 0

      exec-timeout 0 0

      privilege level 15

      logging synchronous

      line aux 0

      exec-timeout 0 0

      privilege level 15

      logging synchronous

      line vty 0 4

      !

      !

      !

      webvpn gateway MY-GATEWAY

      hostname GW1

      ip address 192.168.1.12 port 443

      http-redirect port 80

      ssl encryption aes-sha1

      ssl trustpoint TP-self-signed-4279256517

      logging enable

      inservice

      !

      webvpn context MY-CONTEXT

      title-color blue

      ssl authenticate verify all

      !

      login-message "PLEASE LOG IN"

      !

      policy group MY-POLICY

      default-group-policy MY-POLICY

      aaa authentication list AUTH

      gateway MY-GATEWAY

      inservice

      !

      end

       

      Is my config missing something?

       

      Thanks in advance.