SA520 SSL-VPN connection problems

Unanswered Question
Dec 9th, 2009

I am trying to connect to the default SSL VPN portal on an SA520 using Internet Explorer 8.  From a remote computer that is NOT on the same network as the SA520, I type in the portal address exactly as it is shown in the list of portal layouts on the VPN tab.  First, I get the "there is a problem with this website's security certificate" but I can click "continue to this website".  Then I get to the blue Cisco Small Business Pro Security Appliance Configuration Utility login screen.  I type in the username and password of a SSLVPN user that I had previously created, and I get the following message:

"SSLVPNUser authentication Failed. Use the correct SSL portal URL to login."

If I type in the administrator username and password at that same screen, I get the following message:

"Admin User authentication Failed."

I can login remotely to the Configuration Utility when I use just the WAN IP address with https://, and I can manage the SA520 this way, but I can't seem to get the SSL VPN to work.  I tried from several different computers and different physical sites as well as tried Firefox to no avail.  I just upgraded the firmware to the latest version 1.0.39 and did a factory reset.  Anyone have any ideas on what I'm missing?

Thanks,  Adam V.

Steven Smith Tue, 12/15/2009 - 09:13

Are you using the default portal or did you create a different portal?  If you created a different portal, did you create a different user domain?

aboutnetwork Thu, 12/24/2009 - 02:27

Hi, I got the same problem using SA520 1.0.15

1. Port forwarding doesn't work with Mozilla 5.0 Firefox 3.0.16, perhaps a problem with ActiveX (the message says to use Internet Explorer 5.0 or higher).

2. Port forwarding didn't respond with Internet Explorer 8.0. I noticed a "compatibility view" option in Internet Explorer that, I guess, could permit accessing the functionality, but nothing more ...

I'm testing 3 portal layouts, and want to show the port forwarding objects on the portal page.

I don't know why it now works for me; I just closed the SSL user page and reconfigured the portal layout.

And I guess there is only one web access, even if you use different usernames. Did you try simultaneous web access management + SSL?

Regards.

rar

aboutnetwork Thu, 12/24/2009 - 03:00

Hi all,

So here are some results that are not thorough tests, but they made me understand the "SSL portal" view available on the SA520.

After a successful login with an SSLVPNUSER, Internet Explorer tries to load a vitualtransport.cab application,

this then launches an SSL square with a progress toolbar that iconifies when finished.

You can see the "activated" keyword when clicking on the orange icon on the toolbar.

But to my surprise, the portal page didn't move; it remains the same with 3 options (I only checked the port forwarding box):

- VPN

- portforwarding

- password change

I only needed the port forwarding ... and icons for application port forwarding as "usual".

As a result, this seems to be a clientless VPN application, which activates by loading your browser on the WAN IP if you use the default page.

So the "SSL portal" is optionless, only a VPN client enabler, similar in result for the end customer to IPSec VPN, but using TCP port 443.

I think it is very hard for a non-technology-aware end customer to pass all these steps successfully and then launch another end application to access the VPN. I will try client IPSec.

Regards

rar

aboutnetwork Thu, 12/24/2009 - 10:25

Sorry,

I now succeeded in encountering the same problem (after powering down and restarting several hours later).

Now the admin user connection gets this response:

"User authentication Failed. Only default portal's users should be allowed to login."

I succeeded in losing my head; I can't connect anymore (WAN IP and LAN IP),

I only get the https://x.x.x.x which redirects to the https://x.x.x.x/scgi-bin/platform.cgi page with the same blue Cisco page ....

and there is no ssh/telnet or any CLI console ...

So I can't help anymore ;(

resetting ....

Regards

rar

Steven Smith Tue, 01/19/2010 - 08:21

The cisco/cisco user is the default user.  There isn't a password recovery, but hopefully you saved off the last good working config.  Let me know if you still are having problems accessing the router.
