Can't login to web GUI since upgrade

Unanswered Question
Jul 29th, 2007


Moved from 4.1.7.E to 4.7.2.L on a 3020 Concentrator and although I get the login page, accepting certificates etc., I can't login ... I can ssh to the dos style menu, vpn connections work fine, all is good except ... I can't login.

Any help much appreciated,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
m.surtees Sun, 07/29/2007 - 16:51

Hi John,

Yup, I tried all that like the upgrade doco said, did so on both Firefox and IE and still no joy.

It is as if I have the username / password incorrect (which I don't). Or it does not allow https connections even though it gives the login page.

Still a mystery.

Thanks anyway,


m.surtees Sun, 07/29/2007 - 20:22

What might help is if I new what logs to send to syslog. I'm sending AUTH (amongst others) and can see myself login successfully via SSH, and can see SNMP connections ... BUT nothing - failed or attempted or anything via http / https.

This is the case even if I deliberately use incorrect login details.

*sigh* Why won't it work?


johnd2310 Mon, 07/30/2007 - 01:30

Hi Mike,

Go through your http/https config could be that it is trying to authenticate to non-existing radius or tacacs for web admin.



m.surtees Mon, 07/30/2007 - 23:23


This has been a nightmare but it seems fixed now. It is an HTTPS configuration element - thank you - but I had fiddled with pretty much everything including this before. I probably just had not done so in the correct combination. Also I was working on the CLI of a OS I had not worked with before (4.7.2 as opposed to 4.1.7)

For final closure of this conversation I below is the solution from a CLI point of view. Might want to paste it into an ascii editor with a wider page to enjoy what formatting there is.

Configuration > Tunneling & Security > SSL

> HTTPS > Enable/Disable HTTPS > Disable HTTPS ERROR:-- Instance Error

ERROR:-- The SET Failed.


| Tried the above just to do *something* |

| Then back to default: |


> Enable HTTPS

> Enable/Disable Client Authentication > Disable Client Authentication


I Believe the above is the change that made the difference. Looking at a comparison of the not working post-upgrade config and the one after the above change the difference is:

NOT working line 25: httpscertrequired=1

WORKING line 25: httpscertrequired=2

I also accepted the default value below before I compared configs but I don't think it made a difference


> Protocols > Set SSL Version -> Negotiate SSL V3/TLS V1

Thanks for your help


This Discussion