SSL/Web VPN webpage won't load on Cisco 1941

Unanswered Question
Jul 28th, 2010

Hi All,


I've configured SSL/web VPN on a Cisco 1941; however, when I try to connect no page displays. It simply times out...


We are running a Cisco 1941 + Security... IOS = Version 15.0(1)M2 (c1900-universalk9-mz.SPA.150-1.M2.bin)


Running config displayed at the bottom..


Could anyone shed some light on this issue please? I've dropped very similar config on other routers and it works fine.. just not the 1941.. :|





Something which seems a bit odd is that directly after a reboot it thinks that the licenses are in use? Or am I reading this wrong?


sh license

Index 4 Feature: SSL_VPN
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Count: 10/10/0  (Active/In-use/Violation)
        License Priority: Medium




Running Config Below...




version 15.0
service timestamps debug uptime
service timestamps log datetime localtime
no service password-encryption
!
hostname rtr01-xxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 64000 informational
enable secret 5 xxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip domain name xxxxxx
ip name-server 202.xxx.xx.4
ip name-server 202.xxx.xx.3
ip name-server 202.xxx.xx.3
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-3909085777
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3909085777
 revocation-check none
 rsakeypair TP-self-signed-3909085777
!
!
crypto pki certificate chain TP-self-signed-3909085777
 certificate self-signed 01
  30820260 308201C9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  CUT
  401FEC7A 4BD5E4E3 4415FB25 9F528898 34885BF2 08FD93E1 C48B7B96 38E1C461 8C5EBBEE
        quit
!
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 description IW R5K Uplink to Core 10Mb/10Mb
 ip address 202.xxx.xx.xxx 255.255.255.252 secondary
 ip address 202.xxx.xx.xxx 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface GigabitEthernet0/1
 description LAN GW 192.168.1.0/24$ES_LAN$
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/1
!
!
ip local pool SSLDHCP 192.168.2.10 192.168.2.50
ip default-gateway 202.xxx.xxx.xxx
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.1 993 interface GigabitEthernet0/0 993
ip nat inside source static tcp 192.168.1.100 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 192.168.1.1 4125 interface GigabitEthernet0/0 4125
ip nat inside source static udp 192.168.1.253 5000 interface GigabitEthernet0/0 5000
ip nat inside source static tcp 192.168.1.1 2147 interface GigabitEthernet0/0 2147
ip nat inside source static tcp 192.168.1.1 2146 interface GigabitEthernet0/0 2146
ip nat inside source static tcp 192.168.1.253 5000 interface GigabitEthernet0/0 5000
ip nat inside source static tcp 192.168.1.1 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 192.168.1.1 2145 interface GigabitEthernet0/0 2145
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
snmp-server community xxxxx RO
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
webvpn gateway gateway_1
 ip address 202.xxx.xxx.xxx port 443
 http-redirect port 80
 ssl trustpoint TP-self-signed-3909085777
 inservice
!
webvpn install svc flash0:/webvpn/sslclient-win-1.1.4.179-anyconnect.pkg sequence 1
!
webvpn context RCSSLVPN
 secondary-color white
 title-color #CCCC66
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
   functions svc-enabled
   svc address-pool "SSLDHCP"
   svc keep-client-installed
 virtual-template 1
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_1
 gateway gateway_1
 max-users 10
 inservice
!
end

Rahul Govindan Thu, 07/29/2010 - 01:28

  Can you try removing the virtual template command from the webvpn config? Also, if that doesn't help, try changing the webvpn port to something else (e.g. 4443).

Mustaffahamadi_2 Thu, 07/29/2010 - 04:20

Hi Rahgovin,


Thanks for the response. I removed the license, rebooted, re-installed the license, rebooted again and now it's working just fine. A little odd, but it's working so all good.


Have a good one
