11-29-2011 08:50 AM
hello All,
I would like to know if, in confuring an SSL VPN Clientless mode, servers I need to access should be directly connected to the VPN Gateway?
Thank you in advance.
Solved! Go to Solution.
11-29-2011 09:47 AM
Servers can be anywhere in the network but routing should be in place to reach them from VPN gateway.
Thanks
Ajay
11-29-2011 09:47 AM
Servers can be anywhere in the network but routing should be in place to reach them from VPN gateway.
Thanks
Ajay
11-30-2011 02:19 AM
Thanks Ajay,
when I try to connect to the servers, the following error message appears:
"Connection Error
Unable to connect to server x.x.x.x
.The server may not exist, or access to it may not be allowed."
But the server does exist.
Further more, the first day I configure and tested the SSL VPN Clientless It worked with Window Vista, but today it does not worked. It never worked with Window 7, but it works with Windows XP.
Please some one tell me: Does the SSL VPN Clientless, have opérating system compatibility problem??
I thought we needed just a web browser which accepts SSL.
thanks.
11-30-2011 02:39 AM
I dont think any restriction is there for clientless SSL VPN based on OS. I would suggest if it worked earlier then while connecting you should look at logs. Also see when you connect from Vista what error do you get on browser.
Thanks
Ajay
11-30-2011 03:00 AM
The following is the message the browser returns ( for Vista and 7):
" Unable to connect
Firefox can't establish a connection to the server at x.x.x.x (VPN gateway public adress).
The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web."
when I tried later I recieved the same error message. Also I have disabled all the firewalls (the one for window and that of my Antivirus) I have.
Thanks.
11-30-2011 03:08 AM
Seems to be issue only with Firefox clear cache/delete cookies. Also uncheck if any proxy is configured should resolve may be reboot is required.
Thanks
ajay
11-30-2011 05:07 AM
Thank you Ajay for your help,
I have just done what you suggest, but nothing. I have the same error with Internet Explorer and Google Chrome.
Yet, when I'm in the LAN, the connection works normally but when I try to connect from outside of the LAN, it doesn't work, and I can not even ping the router.
Now, when the connection is successful, through XP, I can not access the servers I defined. I thought, eventhough I do not have accesses to those servers I could at least see the authentification interface of those servers. this is the message that appears:
"Connection Error
Unable to connect to server x.x.x.x
.The server may not exist, or access to it may not be allowed."
best regards
11-30-2011 05:09 AM
Hi,
I would suggest you should post your configuration so that someone can look into that.
Thanks
Ajay
11-30-2011 05:33 AM
These are the configurations I typed:
Authentification
configure terminal
aaa new-model
aaa authentication login sslvpn local
username xxxxx secret xxxxxx
username xxxxx secret xxxxxxxx
Gateway Configuration :
conf t
webvpn gateway Gateway
ip address x.x.x.x port 443
http-redirect port 80
ssl encryption 3des-sha1
inservice
end
Contexte Configuration
conf t
webvpn context Context
aaa authentication list sslvpn
gateway Gateway domain xxxx.xxx
inservice
max-users 2
end
Policy configuration :
conf t
webvpn context Context
policy group DefaultPolicy
banner "Welcome To The SSL VPN Service"
exit
default-group-policy DefaultPolicy
Customisation of the SSL VPN Portal:
conf t
webvpn context Context
login-message “sitetest”
title “testsite”
secondary-color darkseagreen
title-color #808080
text-color white
secondary-text-color black
exit
idle and session timeout
conf t
webvpn context Context
policy group DefaultPolicy
timeout idle 100
timeout session 36000
Clientless Configuration:
conf t
webvpn context SecContext
url-list ListForClientlessUsers
url-text “Server1” url-value https:// x.x.x.x
url-text "Server2" url-value https://xxx.xxx.xxx
heading “ClientlessAccess”
exit
conf t
ip name-server x.x.x.x
Thanks.
12-01-2011 12:51 AM
Hello All,
Concerning my OS problem with the Clientless SSL VPN, if I disable the Firewall of the LAN, will it solve the prblem?
Thanks.
12-01-2011 02:55 AM
When I disable the firewall on the router, the VPN worked. So the solution is to allow access on the gateway, through the https port.
thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: