Problem with telnet traffic through SSL VPN with SA540

Unanswered Question
Jan 8th, 2010

I'm trying to set up an SA540 security appliance for SSL VPN in order to tunnel telnet traffic to a Linux host. Using the "Port Forwarding" client we get an immediate error message in the log that the security certificate has expired, and the telnet client immediately disconnects. We cannot get direct access to the target Linux system since another organization controls it (the machine and service it provides are leased), but I do not believe it is firewalled. As a test I briefly forwarded port 23 from the external interface direct to the Unix system, and got a login prompt.

I have the appropriate port forwarding application entry configured, forwarding port 23 to the appropriate IP address on the LAN. For test purposes, all SSL VPN policies that would restrict traffic have been removed. Firmware is the latest.

Please note that this router is part of a new product line and is unlike other Cisco products in that there is no CLI; all configuration is web-based. The following is the log output from the Port Forwarding client:

[2010-Jan-8 14:43:58] Process Id 3552: Destination IP Address
[2010-Jan-8 14:43:58] Process Id 3552: Destination IP Port 23
[2010-Jan-8 14:43:58] Process Id 3552: Tunnel this above address and port through Access Point
[2010-Jan-8 14:43:58] Process Id 3552: After sending connection string to Access Point
[2010-Jan-8 14:43:58] Process Id 3552: AsyncMsgHandler: Class name is 'MenloLogic Layered WS2 Provider 0x00000de0'
[2010-Jan-8 14:43:58] Process Id 3552: ALGReceive: SSL security context expired. Connection closed by server.

... after which the telnet session aborts.

Any ideas what may be causing this?

carterbraxton Fri, 01/08/2010 - 20:06

Due to some other issues we wound up resetting the unit to factory defaults and reconfiguring - now it works, go figure.

I get the impression working with this unit that the firmware is a bit quirky yet.

