04-01-2010 01:49 PM
Hey everyone, first post here
I'm having issues getting webvpn to work properly, and something tells me it's an obvious mistake on my part.
I'm getting this error after the webvpn gateway installs the client software: "The SSL VPN HTTP response code received from the gateway indicates an error". I've been searching around for a couple of days to find a solution, but so far I've come up empty-handed while trying to debug the connection.
Any help would be great!
Current configuration : 16461 bytes
!
! Last configuration change at 12:53:43 MDT Thu Apr 1 2010 by ben
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpn
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authentication login sdm_vpn_xauth_ml_4 local
aaa authentication login sdm_vpn_xauth_ml_5 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone MST -7
clock summer-time MDT recurring
!
crypto pki server vpn
database archive pem password 7 <removed>
issuer-name O=My Company, OU=IT, CN=Company_2821, C=US, ST=CO, E=it_staff@example.com
!
crypto pki trustpoint godaddy.trustpoint
enrollment terminal
fqdn vpn.sparkfun.com
subject-name CN=vpn.example.com,OU=VPN,O=My Company,C=US,ST=Colorado
revocation-check crl
rsakeypair GDKey
!
crypto pki certificate chain godaddy.trustpoint
certificate <removed>
quit
certificate ca 0301
<removed>
quit
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.255
!
ip dhcp pool 192.168.0.0/22
network 192.168.0.0 255.255.252.0
default-router 192.168.0.1
dns-server 192.168.1.5 8.8.8.8
netbios-name-server 192.168.0.10
domain-name internal.example.com
!
!
ip domain name example.com
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
voice-card 0
no dspfarm
!
password encryption aes
username ben privilege 15 secret 5 <removed>.
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
archive
log config
hidekeys
!
!
!
!
!
!
interface GigabitEthernet0/0
description EXTERNAL$ETH-WAN$
ip address <removed> 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
description INTERNAL
ip address 192.168.0.1 255.255.248.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip local pool VPN_POOL 192.168.10.10 192.168.10.100
ip default-gateway <removed>
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 15 interface GigabitEthernet0/0 overload
!
access-list 15 permit 192.168.0.0 0.0.255.255
no cdp run
!
!
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input ssh
line vty 5 15
privilege level 15
transport input ssh
!
scheduler allocate 20000 1000
sntp server 69.64.37.141
!
!
webvpn gateway gateway_1
hostname vpn.example.com
ip address <removed> port 443
http-redirect port 80
ssl trustpoint godaddy.trustpoint
inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn install csd flash:/webvpn/sdesktop.pkg
!
webvpn context vpn
secondary-color white
title-color #669999
text-color black
ssl authenticate verify all
!
!
policy group policy_1
functions svc-enabled
svc address-pool "VPN_POOL"
svc keep-client-installed
default-group-policy policy_1
aaa authentication list sdm_vpn_xauth_ml_5
gateway gateway_1
inservice
!
end
04-01-2010 03:12 PM
Which SSL Client software did you install? Can you share the file name please.
04-01-2010 04:56 PM
Sure - it's what came with the router which was purchased just a few days ago.
Filename: sslclient-win-1.1.4.176.pkg
04-02-2010 12:19 AM
sslclient is the old version of the SSL client. Please download the AnyConnect client from the Cisco download site. The latest version is 2.4.
04-02-2010 07:42 AM
Thanks Halijenn,
Do you know if it's possible to download the client without a support contract? It seems wrong that the software shipped with the router is non-functional, and then requires payment for the fix.
04-02-2010 07:03 PM
The router should still be under warranty, and if you have a CCO login, you should be able to download the AnyConnect software.
Alternatively, if you open a TAC case, an engineer can publish it for you if it's under warranty.