Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

GUI access of VPN Concentrator?

We have VPN concentrator 3030 with software version 4.7.2.J. We use to manage it through GUI by using HTTPS access. The problem, now, is that we are not able to HTTPS (on private interface) it to manage the concentrator through GUI. Though, the device can be telneted at port 443, and is also accessible through telnet. We have also rebooted the device twice.

Is this some sort of BUG or something got misconfigured?

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: GUI access of VPN Concentrator?

Here's some information for you on this issue.  I'm thinking you have to re-generate the certificate on the concentrator.  HTH

https://supportforums.cisco.com/docs/DOC-1455

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce36.html#1882932

10 REPLIES
Silver

Re: GUI access of VPN Concentrator?

Here's some information for you on this issue.  I'm thinking you have to re-generate the certificate on the concentrator.  HTH

https://supportforums.cisco.com/docs/DOC-1455

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_administration_guide_chapter09186a008015ce36.html#1882932

New Member

Re: GUI access of VPN Concentrator?

thanks slmansfield,

But first thing is that NO IP ADDRESS was changed on any interface.

Also, I'm trying to access concentrator on private interface as we always use to do and certificate is also valid.

Silver

Re: GUI access of VPN Concentrator?

In the section Configuration -> Interfaces, the WebVPN tab has settings for accessing each interface via a GUI.  Is the first attribute checked, "Allow Management HTTPS Sessions"?

Are you able to HTTP into the concentrator?

New Member

Re: GUI access of VPN Concentrator?

Slamsfield,

Attribute related to "Allow Management HTTPS Sessions" and also, HTTP access to private interface of device is Enabled.

That’s why, we are able to telnet it on port 443.

Thanks,

Pratinav Markande

New Member

Re: GUI access of VPN Concentrator?

Slmansfield,

An update: I can only telnet the device to get the CLI mode. I'm not able to telnet it on port 80 i.e., HTTP. And again, manage through HTTP and HTTPS options are enabled on private interface.

Thanks,

Pratinav Markande.

Silver

Re: GUI access of VPN Concentrator?

Just to clarify, you are currently unable to HTTP and HTTPS into the concentrator via the GUI.

Do you have a proxy device between your client and the concentrator?

Are you able to run an Ethereal (sniffing software) on your PC to look at the network traffic?

New Member

Re: GUI access of VPN Concentrator?

No, we do not have any proxy server between client and concentrator.

Also, do let me know why you are suggesting sniffer. Actually, we have multiple sites from where we can access/administer the concentrator and the situation is same from every site.

Silver

Re: GUI access of VPN Concentrator?

Are you currently unable to HTTP and HTTPS (both protocols) to the concentrator?

I suggested the Ethereal to see the conversation between your client and the concentrator.

New Member

Re: GUI access of VPN Concentrator?

We can telnet it on HTTPS (but not via internet browser).

We cannot telnet it on HTTP (nor through the browser)

Regards,

Pratinav Markande

Silver

Re: GUI access of VPN Concentrator?

Just to confirm a few settings on your concentrator, on the Configuration -> Tunneling an Security -> SSL -> HTTPS you enable HTTPS, port 443, no client authentication with certificates?

The Protocols tab is set to "Negotiate SSL V3/TLS V1".  You also have the appropriate encryption protocols checked?

Lastly, could you verify that you are not blocking this traffic on the private filter?

946
Views
0
Helpful
10
Replies