Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can't get WebVpn full SSL client to work

Hello,

I just get a new 1812 router and i wanna try the full SSL client. I upgrade IOS to 12.4.9T1, get last SDM and last vpn ssl package.

I follow the wizard on SDM to configure a simple webvpn on my outside network.

I can connect to the portal with my creditentials, and the ssl client install itself. It write warnings about certificates. But at last, i always got a message window "http return code error, contact your network admin". And on event viewer i have some errors with STCAgent (one is HTTP response code from the gateway is 401 , unautorized....).

I try on 2 different PC's with XP PRO SP2.

What else to try ??

Thanks

4 REPLIES
New Member

Re: Can't get WebVpn full SSL client to work

Hi,

I am getting the exact same error. Below is my webvpn configuration:

webvpn gateway guest

ip address 10.100.1.254 port 443

http-redirect port 80

ssl trustpoint TP-self-signed-927014488

inservice

!

webvpn install svc flash:/webvpn/svc.pkg

!

webvpn install csd flash:/webvpn/sdesktop.pkg

!

webvpn context guest

title-color #669999

secondary-color white

text-color black

ssl authenticate verify all

!

!

policy group fullclient

functions svc-required

hide-url-bar

svc address-pool "vpn-pool"

svc rekey method new-tunnel

svc dns-server primary 10.100.2.8

default-group-policy fullclient

aaa authentication list default

gateway guest

inservice

!

Have you solved your problem?

//F

New Member

Re: Can't get WebVpn full SSL client to work

Same here (using C871W, svc version 1,1,2,169).

I'm getting these errors (in succesion) in WinXP app log:

1. Source: STCAgent, ID: 20

2. Source: STCAgent, ID: 1 (Something about RasEnumEntries functio)

3. Source: STCAgent, ID: 1 (GetRasEntryName

4. Source: STCAgent, ID: 10 (HTTP response code from gateway is 401)

5. Source: STCAgent, ID: 2 (Termination reason code 28)

6. Source: STCAgent, ID: 1 (STCCONFIG_ERROR_HTTP_ERROR_RESPONSE)

7. Source: STCAgent, ID: 1 (SSL_ERROR_PARSE_FAILED)

8. Source: STCAgent, ID: (SSL_ERROR_INVALID_STATE)

There is nothing conclusive if I "debug webvpn"....

Anyone?

New Member

Re: Can't get WebVpn full SSL client to work

Edit: i found these messages when I did deb webvpn tunnel:

DEBUG,42455: WV-TUNL: Tunnel CSTP Version recv use 1

DEBUG,42456: WV-TUNL: Allocating tunl_info

DEBUG,42457: WV-TUNL: Allocating stc_config

DEBUG,42458: WV-TUNL: Allocating address 192.168.10.54 from local pool

DEBUG,42459: WV-TUNL: Cannot find IDB for IP address 192.168.10.54 in table 0

DEBUG,42461: WV-TUNL: Returning address 192.168.10.54 to pool

DEBUG,42462: WV-TUNL: Failed to config IP addr (192.168.10.54) to VRF Table (0)

DEBUG,42463: HTTP/1.1 401 Unauthorized

DEBUG,42470: WV-TUNL: Tunnel context (0x83764EA0) is removed from session (0x8378A4A0)

DEBUG,42471: WV-TUNL: Deallocating tunnel info 0x84034640

Anyone has an idea?

New Member

Re: Can't get WebVpn full SSL client to work

Just figured it out (at least for me)!:

I was missing a loopback interface with an IP in the same subnet as the webvpn address pool!!!

381
Views
0
Helpful
4
Replies