GUI access of VPN Concentrator?

Mar 2nd, 2010

We have a VPN concentrator 3030 with software version 4.7.2.J. We used to manage it through the GUI by using HTTPS access. The problem, now, is that we are not able to HTTPS (on the private interface) to it to manage the concentrator through the GUI. Though, the device can be telnetted to at port 443, and is also accessible through telnet. We have also rebooted the device twice.


Is this some sort of BUG, or did something get misconfigured?

Correct Answer by slmansfield about 7 years 3 weeks ago

Here's some information for you on this issue.  I'm thinking you have to re-generate the certificate on the concentrator.  HTH


https://supportforums.cisco.com/docs/DOC-1455


http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce36.html#1882932

pratimark Wed, 03/03/2010 - 14:05

Thanks slmansfield,


But first thing is that NO IP ADDRESS was changed on any interface.


Also, I'm trying to access the concentrator on the private interface as we always used to do, and the certificate is also valid.

slmansfield Thu, 03/04/2010 - 06:10

In the section Configuration -> Interfaces, the WebVPN tab has settings for accessing each interface via a GUI.  Is the first attribute checked, "Allow Management HTTPS Sessions"?


Are you able to HTTP into the concentrator?

pratimark Thu, 03/04/2010 - 08:46

Slmansfield,


The attribute "Allow Management HTTPS Sessions" and also HTTP access to the private interface of the device are enabled.


That’s why we are able to telnet to it on port 443.


Thanks,

Pratinav Markande

pratimark Thu, 03/04/2010 - 09:20

Slmansfield,


An update: I can only telnet to the device to get the CLI mode. I'm not able to telnet to it on port 80, i.e., HTTP. And again, the manage-through-HTTP and HTTPS options are enabled on the private interface.


Thanks,

Pratinav Markande.

slmansfield Thu, 03/04/2010 - 11:45

Just to clarify, you are currently unable to HTTP and HTTPS into the concentrator via the GUI.


Do you have a proxy device between your client and the concentrator?


Are you able to run an Ethereal (sniffing software) on your PC to look at the network traffic?

pratimark Thu, 03/04/2010 - 12:04

No, we do not have any proxy server between client and concentrator.


Also, do let me know why you are suggesting a sniffer. Actually, we have multiple sites from where we can access/administer the concentrator and the situation is the same from every site.

slmansfield Thu, 03/04/2010 - 12:11

Are you currently unable to HTTP and HTTPS (both protocols) to the concentrator?


I suggested the Ethereal to see the conversation between your client and the concentrator.

pratimark Thu, 03/04/2010 - 12:17

We can telnet it on HTTPS (but not via internet browser).


We cannot telnet it on HTTP (nor through the browser)


Regards,

Pratinav Markande

slmansfield Thu, 03/04/2010 - 12:39

Just to confirm a few settings on your concentrator, on the Configuration -> Tunneling and Security -> SSL -> HTTPS you enable HTTPS, port 443, no client authentication with certificates?


The Protocols tab is set to "Negotiate SSL V3/TLS V1".  You also have the appropriate encryption protocols checked?


Lastly, could you verify that you are not blocking this traffic on the private filter?
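Added example, not part of the thread and not Cisco code: the symptom discussed above (telnet to port 443 connects, the browser does not) can be narrowed down by probing the TCP connect, the TLS handshake and the certificate check as separate stages. The names `probe` and `start_plaintext_listener` are hypothetical, and the listener is a constructed stand-in for a port that accepts TCP but does not complete TLS.

```python
import socket
import ssl
import threading


def probe(host, port, timeout=3.0):
    """Return (stage, detail) naming the first layer that fails."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Equivalent of "cannot telnet to the port": nothing answers at TCP level.
        return "tcp_failed", str(exc)
    ctx = ssl.create_default_context()   # verifies the chain, as a browser would
    ctx.check_hostname = False           # management interfaces are often reached by IP
    try:
        with ctx.wrap_socket(sock) as tls:
            return "tls_ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # The handshake reached the certificate; the certificate was rejected.
        return "cert_rejected", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # The port answers, but no TLS session forms (protocol/cipher mismatch, reset).
        return "tls_handshake_failed", str(exc)
    finally:
        sock.close()


def start_plaintext_listener():
    """Constructed test peer: accepts TCP, replies with a non-TLS banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)               # swallow the ClientHello
            conn.sendall(b"Login: \r\n")  # answer like a telnet prompt
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe("127.0.0.1", start_plaintext_listener()))
```

A current Python/OpenSSL build typically will not negotiate SSLv3 or TLS 1.0, so a device limited to those protocols shows up as `tls_handshake_failed` even though the port is open.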
