GUI access of VPN Concentrator?

pratimark
Level 1

We have a VPN Concentrator 3030 with software version 4.7.2.J. We used to manage it through the GUI using HTTPS access. The problem now is that we are not able to HTTPS to it (on the private interface) to manage the concentrator through the GUI. However, the device can be telnetted to on port 443, and is also accessible through telnet. We have also rebooted the device twice.

Is this some sort of bug, or did something get misconfigured?

slmansfield
Level 4

Here's some information for you on this issue.  I'm thinking you have to re-generate the certificate on the concentrator.  HTH

https://supportforums.cisco.com/docs/DOC-1455

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce36.html#1882932

Thanks slmansfield,

But the first thing is that NO IP ADDRESS was changed on any interface.

Also, I'm trying to access the concentrator on the private interface as we always used to do, and the certificate is also valid.

In the section Configuration -> Interfaces, the WebVPN tab has settings for accessing each interface via a GUI.  Is the first attribute checked, "Allow Management HTTPS Sessions"?

Are you able to HTTP into the concentrator?

Slmansfield,

The attribute "Allow Management HTTPS Sessions" and also HTTP access to the private interface of the device are enabled.

That's why we are able to telnet to it on port 443.

Thanks,

Pratinav Markande

Slmansfield,

An update: I can only telnet to the device to get the CLI mode. I'm not able to telnet to it on port 80, i.e., HTTP. And again, the manage through HTTP and HTTPS options are enabled on the private interface.

Thanks,

Pratinav Markande.

Just to clarify, you are currently unable to HTTP and HTTPS into the concentrator via the GUI.

Do you have a proxy device between your client and the concentrator?

Are you able to run an Ethereal (sniffing software) on your PC to look at the network traffic?

No, we do not have any proxy server between the client and the concentrator.

Also, do let me know why you are suggesting a sniffer. Actually, we have multiple sites from where we can access/administer the concentrator, and the situation is the same from every site.

Are you currently unable to HTTP and HTTPS (both protocols) to the concentrator?

I suggested the Ethereal to see the conversation between your client and the concentrator.

We can telnet to it on HTTPS (but not via an internet browser).

We cannot telnet to it on HTTP (nor through the browser).

Regards,

Pratinav Markande

Just to confirm a few settings on your concentrator: under Configuration -> Tunneling and Security -> SSL -> HTTPS, you have HTTPS enabled, port 443, no client authentication with certificates?

The Protocols tab is set to "Negotiate SSL V3/TLS V1". You also have the appropriate encryption protocols checked?

Lastly, could you verify that you are not blocking this traffic on the private filter?
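
The symptom in this thread (telnet to port 443 connects, the browser cannot open the GUI) separates into two stages, TCP reachability and the SSL/TLS handshake. The sketch below is an added example, not part of the original posts: `probe_https` and `start_plain_listener` are hypothetical names, and the loopback listener is a constructed stand-in for a port that accepts TCP but does not complete a handshake.

```python
import socket
import ssl
import threading


def probe_https(host, port, timeout=3.0):
    """Return (stage, detail); stage is 'tcp_failed', 'tls_failed' or 'tls_ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))  # what a failed telnet to the port shows
    # Diagnostic only: certificate validation is off so that an expired or
    # self-signed certificate does not mask a lower-level handshake failure.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            return ("tls_ok", f"{tls.version()} {tls.cipher()[0]}")
    except OSError as exc:  # ssl.SSLError, resets and timeouts are all OSError
        return ("tls_failed", str(exc))
    finally:
        sock.close()


def start_plain_listener():
    """Constructed stand-in: accepts TCP on loopback but answers without TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)            # swallow the ClientHello
            conn.sendall(b"Login: ")   # plain-text banner, not a TLS record
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_https("127.0.0.1", start_plain_listener()))
```

A current Python/OpenSSL build usually refuses SSLv3 and TLS 1.0 by default, so an endpoint limited to those versions also reports `tls_failed`; the detail string carries the protocol error.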
