07-29-2007 03:51 AM - edited 03-09-2019 06:29 PM
Hi,
Moved from 4.1.7.E to 4.7.2.L on a 3020 Concentrator and although I get the login page, accepting certificates etc., I can't login ... I can ssh to the dos style menu, vpn connections work fine, all is good except ... I can't login.
Any help much appreciated,
Mike
07-29-2007 04:22 AM
Hi Mike,
Try clearing your browser cache.
thanks
John
07-29-2007 04:51 PM
Hi John,
Yup, I tried all that like the upgrade doco said, did so on both Firefox and IE and still no joy.
It is as if I have the username / password incorrect (which I don't). Or it does not allow https connections even though it gives the login page.
Still a mystery.
Thanks anyway,
Mike
07-29-2007 08:22 PM
What might help is if I new what logs to send to syslog. I'm sending AUTH (amongst others) and can see myself login successfully via SSH, and can see SNMP connections ... BUT nothing - failed or attempted or anything via http / https.
This is the case even if I deliberately use incorrect login details.
*sigh* Why won't it work?
Mike
07-30-2007 01:30 AM
Hi Mike,
Go through your http/https config could be that it is trying to authenticate to non-existing radius or tacacs for web admin.
thanks
John
07-30-2007 11:23 PM
John,
This has been a nightmare but it seems fixed now. It is an HTTPS configuration element - thank you - but I had fiddled with pretty much everything including this before. I probably just had not done so in the correct combination. Also I was working on the CLI of a OS I had not worked with before (4.7.2 as opposed to 4.1.7)
For final closure of this conversation I below is the solution from a CLI point of view. Might want to paste it into an ascii editor with a wider page to enjoy what formatting there is.
Configuration > Tunneling & Security > SSL
> HTTPS > Enable/Disable HTTPS > Disable HTTPS ERROR:-- Instance Error
ERROR:-- The SET Failed.
------------------------------------------
| Tried the above just to do *something* |
| Then back to default: |
------------------------------------------
> Enable HTTPS
> Enable/Disable Client Authentication > Disable Client Authentication
----------------------------------------------
I Believe the above is the change that made the difference. Looking at a comparison of the not working post-upgrade config and the one after the above change the difference is:
NOT working line 25: httpscertrequired=1
WORKING line 25: httpscertrequired=2
I also accepted the default value below before I compared configs but I don't think it made a difference
----------------------------------------------
> Protocols > Set SSL Version -> Negotiate SSL V3/TLS V1
Thanks for your help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: