SA520-k9 ssl vpn OR clarification needed

Unanswered Question
Sep 29th, 2010

I am not sure exactly how the ssl is supposed to work on this device.

I believe initially when I used the https://publicip/portal/sslvpn it would take me to the vpn logon page or did it?

Right now it takes me to a configuration page, which I dont like having public, at which time an ssl user logs in with their information and then it takes you to the ssl vpn portal page, IF you are on the lan or already connected by ipsec vpn.

If connecting by WAN then it tells you to connect through the correct ssl portal page.

I opened a ticket with support and was unable to get this resolved. I asked for escalation and was told they were already working with an escalation engineer... and it couldnt be solved.

Anyone know what is going on?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
juliomar Tue, 10/05/2010 - 18:29

Hi Johnny,

Do you have the case number so I can review it?

In order for SSL VPN or Quick VPN to be available, the SA 500 must have the Remote Management enabled.  Thus your SA 520 will become accessible to anyone who knows its WAN IP address.   It is therefore strongly recommended to change default account passwords before enabling this.

After the remote management is enabled, the SA will be available to be managed from the WAN, and SSL VPN capability is available to users.  The login page for the SSL VPN portal page looks similar to the remote management page, but they are different.

As to the reason you may be getting the "If connecting by WAN then it tells you to connect through the correct  ssl portal page." error, the reason is that the URL for the SSL VPN connection is case sensitive in regards to the Portal Name, so if you type:

https://publicip/portal/sslvpn

Then you will get that error message as the default URL is as follows:

https://publicip/portal/SSLVPN

Do note that the part after https://publicip/portal/ is case sensitive.  So if you make custom Portal such as EnGiNeErS, then they can only connect to that SSL Portal if they exactly enter the following URL on their browser:

https://publicip/portal/EnGiNeErS

I hope this answers your question, and if not please feel free to ask more questions...

Best regards,

Julio

Actions

This Discussion

Related Content