Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SSL VPN

I can't seem to get the SSL VPN working on the UC540W.  It was working then it disappeared.  Basicaly the webvpn.html page never comes up and I just get a blank page in IE.  I can telnet to the unit so I know the port is open and can get to it.

Looking for suggestions on this one.  Specifically any files I might be missing on the flash drive or any command line entries I might be missing that CCA did not apply.

Thanks.

Everyone's tags (3)
5 REPLIES
New Member

SSL VPN

What version of IOS are you using? I seem to remember there being some problems with SSL VPN in 15.1(2)T2.

I had a problem earlier this year with the SSL VPN on our UC540. When I turned on debugging for http ssl I would receive ssl handshake errors. I had to create a new trustpoint and generate a new certificate to fix the problem.

Try doing show crypto ca cert to check the validity of your certificate.

Cole

New Member

Re: SSL VPN

I have the latest IOS from the latest SWP and it's been going on for at least one or two others, so I don't think that is it.

I dont' think the certificate would prevent me from hitting the page.  I checked ther cert anyway and it's valid.  I always get IE can't display the page. 

New Member

SSL VPN

I checked another UC box and it was doing the same thing.  The certificate showed valid as well.  I put the debug on and it did show a couple of errors but I couldn't determine where the problem was from the description.

I decided to create a new self-signing cert anyway just to see what would happen, and that worked.

Thanks for pointing that out.

Cisco Employee

SSL VPN

Hi,

If you don't see the page at all, then it may be a certificate issue.  To verify this, run the following debugs and try browsing to the UC540?

-  debug crypto pki trans

-  debug crypto pki mess

-  debug ssl openssl error

Check for something along the lines of the following:

000298: Apr 28 18:46:04.699: CRYPTO_PKI: Can not select private key

000299: Apr 28 18:46:04.699: CRYPTO_OPSSL: Can't find router private key

If you see that, then rebuilding and re-enrolling the trustpoint should work.

Thanks,

Brandon

New Member

Re: SSL VPN

Yes, I did run the debug in the previous post and got those type of errors.  The debugs may have been slightly different, but enough to show there was a problem.

Actually, I ended up creating a certificate from a CA so I wouldn't get browser warning messages that happen when you use a self-signed cert.  That worked as well.

1737
Views
0
Helpful
5
Replies
CreatePlease to create content