The trouble is with authentication. Cisco changed the whole command syntax in recent IOS versions, so there are NO "webvpn context" subconfig modes and commands anymore. Almost every document I found on the Cisco site references the old command structure and is useless for my IOS version.
The main point is that I haven't found a single command that configures webvpn authentication, be it AAA or local. The site does open, but I cannot log in. Regarding this, here are the lines that appear in the router log. BTW, it is a 2811 with advanced security IOS.
AAA/AUTHEN/LOGIN (00000000): Pick method list 'Permanent Local'
SSLVPN: User: SOMEUSER password: ******* is sent to AAA for authentication
SSLVPN: AAA Authentication Failed !
I have Cisco ACS configured and working in my network, but I can't configure the router to work with it.
Here is the config:
webvpn enable gateway-addr x.x.x.x
ssl encryption 3des-sha1
ssl trustpoint TP-self-signed-417989771
login-message "login please..."
heading "some urls"
url-text "some url" url-value some-server
This is enough for the webvpn site to come up. But authentication won't work. Look at the commands available in webvpn subconfig mode:
SSLVPN Submode commands:
  exit                  Exit from SSLVPN mode
  idle-timeout          Idle timeout in seconds
  login-message         Login messsage to be displayed
  logo                  Logo file to be displayed
  no                    Negate or set default values of a command
  port-forward          Port forwarding
  secondary-color       Secondary color for the browser
  secondary-text-color  Secondary text color for the browser
  session-timeout       Session timeout in seconds
  ssl                   SSL related configuration
  text-color            Text color for the browser
  title                 Title to be displayed on the browser
  title-color           Title color for the browser
  url-list              URL list configuration submode
There is no authentication command whatsoever. In earlier IOS versions, when one enters webvpn context subconfig mode, there is a command "aaa authentication ..." and everything is easy to configure.
It seems that IOS is trying to find a method list configured for webvpn, but it cannot find one, so it goes for the default "permanent local", as stated in the router log.
Any help is appreciated. I have been trying for days to solve the problem and even asked some other Cisco guys, but no one knows this new IOS syntax.