07-29-2007 03:51 AM - edited 03-09-2019 06:29 PM
Hi,
Moved from 4.1.7.E to 4.7.2.L on a 3020 Concentrator and although I get the login page, accepting certificates etc., I can't login ... I can ssh to the dos style menu, vpn connections work fine, all is good except ... I can't login.
Any help much appreciated,
Mike
07-29-2007 04:22 AM
Hi Mike,
Try clearing your browser cache.
thanks
John
07-29-2007 04:51 PM
Hi John,
Yup, I tried all that like the upgrade doco said, did so on both Firefox and IE and still no joy.
It is as if I have the username / password incorrect (which I don't). Or it does not allow https connections even though it gives the login page.
Still a mystery.
Thanks anyway,
Mike
07-29-2007 08:22 PM
What might help is if I new what logs to send to syslog. I'm sending AUTH (amongst others) and can see myself login successfully via SSH, and can see SNMP connections ... BUT nothing - failed or attempted or anything via http / https.
This is the case even if I deliberately use incorrect login details.
*sigh* Why won't it work?
Mike
07-30-2007 01:30 AM
Hi Mike,
Go through your http/https config could be that it is trying to authenticate to non-existing radius or tacacs for web admin.
thanks
John
07-30-2007 11:23 PM
John,
This has been a nightmare but it seems fixed now. It is an HTTPS configuration element - thank you - but I had fiddled with pretty much everything including this before. I probably just had not done so in the correct combination. Also I was working on the CLI of a OS I had not worked with before (4.7.2 as opposed to 4.1.7)
For final closure of this conversation I below is the solution from a CLI point of view. Might want to paste it into an ascii editor with a wider page to enjoy what formatting there is.
Configuration > Tunneling & Security > SSL
> HTTPS > Enable/Disable HTTPS > Disable HTTPS ERROR:-- Instance Error
ERROR:-- The SET Failed.
------------------------------------------
| Tried the above just to do *something* |
| Then back to default: |
------------------------------------------
> Enable HTTPS
> Enable/Disable Client Authentication > Disable Client Authentication
----------------------------------------------
I Believe the above is the change that made the difference. Looking at a comparison of the not working post-upgrade config and the one after the above change the difference is:
NOT working line 25: httpscertrequired=1
WORKING line 25: httpscertrequired=2
I also accepted the default value below before I compared configs but I don't think it made a difference
----------------------------------------------
> Protocols > Set SSL Version -> Negotiate SSL V3/TLS V1
Thanks for your help
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide