05-29-2012 09:28 PM - edited 02-21-2020 06:05 PM
Hello!
Trying to set up webvpn on an 881, below is the configuration. When I try to connect I get a certificate error and then "unable to process response from x.x.x.x". I've installed the certificate and played with the configuration, no joy. What am I missing? Any help is appreciated!
! Global services, the enable secret and the AAA method lists, as posted.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Applies type 7 encoding to plaintext passwords in the config. Type 7 is a
! reversible obfuscation, not a hash; it only protects against casual viewing.
service password-encryption
!
hostname 881
!
boot-start-marker
boot system flash c880data-universalk9-mz.124-24.T7.bin
boot-end-marker
!
logging message-counter syslog
! Only a 4096-byte local buffer is configured here; no remote syslog host
! appears anywhere in this listing.
logging buffered 4096
! "secret 5" is a salted MD5 hash; the poster masked the value.
enable secret 5 *******************
!
aaa new-model
!
!
! Both login method lists use the local user database. The named list
! ciscocp_vpn_xauth_ml_1 is the one the webvpn context references.
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
!
!
aaa session-id common
! NOTE(review): the zone is labelled MDT but set to -7 (Mountain Standard Time
! is UTC-7, MDT is UTC-6), and the summer-time rule uses fixed 2003 dates rather
! than a recurring rule. Confirm the clock is correct: log timestamps and
! certificate validity checks both depend on it.
clock timezone MDT -7
clock summer-time MDT date Apr 6 2003 2:00 Oct 26 2003 2:00
!
! Self-signed trustpoint generated by the router. No client trusts it by
! default, which is consistent with the certificate warning described in the post.
crypto pki trustpoint TP-self-signed-3889000205
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3889000205
! Revocation checking is disabled for this trustpoint.
revocation-check none
rsakeypair TP-self-signed-3889000205
!
!
! The hex below is the DER-encoded public certificate (no private key material).
! Reading the DER fields:
!   - signature algorithm OID 1.2.840.113549.1.1.4 (md5WithRSAEncryption)
!   - RSA modulus of 1024 bits, public exponent 65537
!   - validity 2012-04-11 23:44:48Z to 2020-01-01 00:00:00Z
!   - subjectAltName dNSName 881.Cunningham.com
! NOTE(review): MD5 signatures and 1024-bit RSA are below current minimums, and
! a client that connects by IP address will also see a name mismatch. A
! CA-issued certificate with a larger key and a SHA-2 signature, bound to the
! name clients actually use, would remove the warning rather than train users
! to click through it.
crypto pki certificate chain TP-self-signed-3889000205
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383839 30303032 3035301E 170D3132 30343131 32333434
34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38383930
30303230 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C761 647E5607 0C3DCBA2 3ABDBDB9 75A5B7F7 73D2F941 8AABEC44 00EAA942
5E4F7176 1BBC506B 6469E976 38C4692B 6D47B0D2 E771125E 3DA4873C D3080C2D
7FC889EE 5CA0B10C 0541DE8D CA703C30 3F27CBB9 21287D3F C503D0AD E7F40F33
491ED3DD 31DA595D 325BFD6D 1E280B39 3D454B69 7191BDB1 ECD297A0 7CA68E6A
7A6B0203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF 301D0603
551D1104 16301482 12383831 2E43756E 6E696E67 68616D2E 636F6D30 1F060355
1D230418 30168014 E7592767 8D155688 BE30CE21 7D65B5CF 5EACF7AD 301D0603
551D0E04 160414E7 5927678D 155688BE 30CE217D 65B5CF5E ACF7AD30 0D06092A
864886F7 0D010104 05000381 810072DC DCD37044 F2F055D2 F67A355D 8148A017
026F44F4 732BD3C4 55C8B842 E1B8A935 964B4895 AEBCB725 6F19B16D C086A803
55F6E0EF 3FB3048A B4EF1BDB A365ED16 929EE369 26FF663F 625F4740 3461DD0F
B97819B0 D3CE9085 F76D826F 439A9690 27C8884B FC0C113D 31467E2D 5374C67D
C384CEFD E1F688DC 76E1A9B9 D241
quit
! IP services, the DHCP scope and the local admin account.
! The router honours IP source-route options here; hardening baselines normally
! turn this off with "no ip source-route".
ip source-route
!
!
! The exclusions leave 10.0.0.50-10.0.0.150 for DHCP clients. The VPN address
! pool (10.0.0.151-175) falls inside the second excluded range, so the two do
! not hand out the same addresses, but VPN clients share the Vlan1 /24.
ip dhcp excluded-address 10.0.0.1 10.0.0.49
ip dhcp excluded-address 10.0.0.151 10.0.0.254
!
ip dhcp pool myPool
import all
network 10.0.0.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 10.0.0.1
lease 7
!
!
ip cef
no ip domain lookup
ip domain name Cunningham.com
no ipv6 cef
!
!
!
!
! Single local account at privilege 15, stored as a type 5 (salted MD5) secret;
! name and hash were masked by the poster. Because every AAA login list in this
! config is "local", this account authenticates console, vty and VPN logins.
username xzxxxx privilege 15 secret 5 xxxxxxx
!
!
!
! Configuration change logging; "hidekeys" keeps passwords out of the logged commands.
archive
log config
hidekeys
!
!
no ip ftp passive
!
!
!
! Interface definitions. Sub-command indentation was lost when the config was pasted.
interface Loopback1
no ip address
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
description Link to switch
!
! Internet-facing interface (address masked by the poster). No "ip access-group"
! is applied here, so this listing shows no inbound filter in front of the
! router's own services (vty, HTTPS server, webvpn gateway).
interface FastEthernet4
description ISP Link
ip address 66.*.*.* 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
! Template referenced by the webvpn context ("virtual-template 1"); it borrows
! its address from the outside interface.
interface Virtual-Template1
ip unnumbered FastEthernet4
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
!
! Inside LAN gateway, 10.0.0.1/24.
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
! Addresses handed to SSL VPN clients; they sit inside the Vlan1 subnet 10.0.0.0/24.
ip local pool VPN_Pool 10.0.0.151 10.0.0.175
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 66.*.*.*
! Plain HTTP management is off; the HTTPS management server is on and
! authenticates against the local user database.
! NOTE(review): the webvpn gateway further down is also bound to port 443 on a
! 66.*.*.* address. If that is the same address as FastEthernet4, confirm the
! HTTPS server and the gateway are not competing for the same listener.
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
! PAT for the inside network. ACL 10 matches all of 10.0.0.0/24, which includes
! the VPN_Pool range. NOTE(review): verify that replies from inside hosts to
! VPN clients are not translated by this rule.
ip nat inside source list 10 interface FastEthernet4 overload
!
logging history debugging
access-list 10 permit 10.0.0.0 0.0.0.255
!
!
!
!
!
control-plane
!
! Login banner text is reproduced exactly as posted, including its typos.
banner login ^CUnauthorized access, use, or attempts at unauthorized access or use of htis computer netowrk are violations of law. Violators will be prosecuted to the fullext extent of local and international laws^C
!
! Terminal lines.
line con 0
no modem enable
line aux 0
! "no exec" prevents a shell on this line, but every inbound transport is accepted.
line 2
no activation-character
no exec
transport preferred none
transport input all
! Remote management lines.
!  - The type 7 string below is reversibly encoded and was posted in the clear;
!    treat that password as disclosed and change it. With "aaa authentication
!    login default local" in effect the line password is presumably not what
!    authenticates vty logins, but confirm it is not reused elsewhere.
!  - Telnet is accepted alongside SSH, so credentials can cross the network
!    unencrypted; "transport input ssh" restricts the lines to SSH.
!  - No "access-class" is applied, so this listing shows no restriction on
!    which source addresses may reach the vty lines.
line vty 0 4
password 7 06160E325F59060B01
transport input telnet ssh
transport output telnet ssh
!
scheduler max-task-time 5000
!
! SSL VPN gateway: listens on TCP 443 and presents the self-signed certificate
! from trustpoint TP-self-signed-3889000205, so clients get a trust warning
! until they have a certificate they can validate.
webvpn gateway gateway_1
ip address 66.*.*.* port 443
ssl trustpoint TP-self-signed-3889000205
inservice
!
! NOTE(review): confirm this global NAT setting for the SSL VPN virtual
! interface matches the intended address plan (pool inside 10.0.0.0/24, PAT on ACL 10).
webvpn sslvpn-vif nat inside
!
! AnyConnect client package served to users from flash.
webvpn install svc flash:/webvpn/anyconnect-win-2.5.2019-k9.pkg sequence 1
!
! VPN context: portal appearance, policy group and authentication binding.
webvpn context VPN
secondary-color white
title-color #669999
text-color black
ssl authenticate verify all
!
!
! Full-tunnel client (svc) is enabled; clients draw addresses from VPN_Pool and
! are given 8.8.8.8 as their DNS server.
policy group policy_1
functions svc-enabled
svc address-pool "VPN_Pool"
svc keep-client-installed
svc rekey method new-tunnel
svc dns-server primary 8.8.8.8
virtual-template 1
default-group-policy policy_1
! VPN logins use the named AAA list, which resolves to the local user database;
! the only local account shown in this listing is privilege 15.
! NOTE(review): consider a separate low-privilege account for VPN users.
aaa authentication list ciscocp_vpn_xauth_ml_1
! Binds the context to gateway_1 under the domain "vpn".
gateway gateway_1 domain vpn
max-users 20
inservice
!
end