SSL VPN response received from network gateway indicates error

benlemasurier
Level 1

Hey everyone, first post here

I'm having issues getting webvpn to work properly, and something tells me it's an obvious mistake on my part.

I'm getting this error after the webvpn gateway installs the client software: "The SSL VPN HTTP response code received from the gateway indicates an error". I've been searching around for a couple of days to find a solution, but so far I've come up empty-handed while trying to debug the connection.

Any help would be great!

Current configuration : 16461 bytes
!
! Last configuration change at 12:53:43 MDT Thu Apr 1 2010 by ben
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpn
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authentication login sdm_vpn_xauth_ml_4 local
aaa authentication login sdm_vpn_xauth_ml_5 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone MST -7
clock summer-time MDT recurring
!
crypto pki server vpn
 database archive pem password 7 <removed>
 issuer-name O=My Company, OU=IT, CN=Company_2821, C=US, ST=CO, E=it_staff@example.com
!
crypto pki trustpoint godaddy.trustpoint
 enrollment terminal
 fqdn vpn.sparkfun.com
 subject-name CN=vpn.example.com,OU=VPN,O=My Company,C=US,ST=Colorado
 revocation-check crl
 rsakeypair GDKey
!
crypto pki certificate chain godaddy.trustpoint
 certificate <removed>
        quit
 certificate ca 0301
  <removed>
        quit
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.255
!
ip dhcp pool 192.168.0.0/22
   network 192.168.0.0 255.255.252.0
   default-router 192.168.0.1
   dns-server 192.168.1.5 8.8.8.8
   netbios-name-server 192.168.0.10
   domain-name internal.example.com
!
!
ip domain name example.com
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
password encryption aes
username ben privilege 15 secret 5 <removed>.
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
archive
 log config
  hidekeys
!
!
!
!
!
!
interface GigabitEthernet0/0
 description EXTERNAL$ETH-WAN$
 ip address <removed> 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description INTERNAL
 ip address 192.168.0.1 255.255.248.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip local pool VPN_POOL 192.168.10.10 192.168.10.100
ip default-gateway <removed>
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 15 interface GigabitEthernet0/0 overload
!
access-list 15 permit 192.168.0.0 0.0.255.255
no cdp run
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input ssh
line vty 5 15
 privilege level 15
 transport input ssh
!
scheduler allocate 20000 1000
sntp server 69.64.37.141
!
!
webvpn gateway gateway_1
 hostname vpn.example.com
 ip address <removed> port 443
 http-redirect port 80
 ssl trustpoint godaddy.trustpoint
 inservice
 !
webvpn install svc flash:/webvpn/svc.pkg
 !
webvpn install csd flash:/webvpn/sdesktop.pkg
 !
webvpn context vpn
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
   functions svc-enabled
   svc address-pool "VPN_POOL"
   svc keep-client-installed
 default-group-policy policy_1
 aaa authentication list sdm_vpn_xauth_ml_5
 gateway gateway_1
 inservice
!
end

5 Replies

Jennifer Halim
Cisco Employee

Which SSL Client software did you install? Can you share the file name please.

Sure - it's what came with the router which was purchased just a few days ago.

Filename: sslclient-win-1.1.4.176.pkg

sslclient is the old version of ssl. Please download the AnyConnect client from the Cisco download site. The latest version is 2.4.

Thanks Halijenn,

Do you know if it's possible to download the client without a support contract? It seems wrong that the software shipped with the router is non-functional, and then require payment for the fix.

The router should be still under warranty, and if you have a CCO login, you should be able to download the AnyConnect software.

Alternatively, if you open a TAC case, an engineer can publish it for you if it's under warranty.
