
WebVPN on Cisco 881 - anyconnect errors

davidroush
Level 1

Hello!

Trying to set up webvpn on an 881, below is the configuration. When I try to connect I get a certificate error and then "unable to process response from x.x.x.x". I've installed the certificate and played with the configuration, no joy. What am I missing? Any help is appreciated!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 881

!

boot-start-marker

boot system flash c880data-universalk9-mz.124-24.T7.bin

boot-end-marker

!

logging message-counter syslog

logging buffered 4096

enable secret 5 *******************

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login ciscocp_vpn_xauth_ml_1 local

aaa authorization exec default local

!

!

aaa session-id common

clock timezone MDT -7

clock summer-time MDT date Apr 6 2003 2:00 Oct 26 2003 2:00

!

crypto pki trustpoint TP-self-signed-3889000205

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3889000205

revocation-check none

rsakeypair TP-self-signed-3889000205

!

!

crypto pki certificate chain TP-self-signed-3889000205

certificate self-signed 01

        quit

ip source-route

!

!

ip dhcp excluded-address 10.0.0.1 10.0.0.49

ip dhcp excluded-address 10.0.0.151 10.0.0.254

!

ip dhcp pool myPool

   import all

   network 10.0.0.0 255.255.255.0

   dns-server 8.8.8.8 8.8.4.4

   default-router 10.0.0.1

   lease 7

!

!

ip cef

no ip domain lookup

ip domain name Cunningham.com

no ipv6 cef

!

!

!

!

username xzxxxx privilege 15 secret 5 xxxxxxx


!

!

!

archive

log config

  hidekeys

!

!

no ip ftp passive

!

!

!

interface Loopback1

no ip address

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

description Link to switch

!

interface FastEthernet4

description ISP Link

ip address 66.*.*.* 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Virtual-Template1

ip unnumbered FastEthernet4

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip unnumbered Vlan1

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

!

interface Vlan1

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip local pool VPN_Pool 10.0.0.151 10.0.0.175

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 66.*.*.*

no ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 10 interface FastEthernet4 overload

!

logging history debugging

access-list 10 permit 10.0.0.0 0.0.0.255

!

!

!

!

!

control-plane

!

banner login ^CUnauthorized access, use, or attempts at unauthorized access or use of htis computer netowrk are violations of law.  Violators will be prosecuted to the fullext extent of local and international laws^C

!

line con 0

no modem enable

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

line vty 0 4

password 7 06160E325F59060B01

transport input telnet ssh

transport output telnet ssh

!

scheduler max-task-time 5000

!

webvpn gateway gateway_1

ip address 66.*.*.* port 443

ssl trustpoint TP-self-signed-3889000205

inservice

!

webvpn sslvpn-vif nat inside

!

webvpn install svc flash:/webvpn/anyconnect-win-2.5.2019-k9.pkg sequence 1

!

webvpn context VPN

secondary-color white

title-color #669999

text-color black

ssl authenticate verify all

!

!

policy group policy_1

   functions svc-enabled

   svc address-pool "VPN_Pool"

   svc keep-client-installed

   svc rekey method new-tunnel

   svc dns-server primary 8.8.8.8

virtual-template 1

default-group-policy policy_1

aaa authentication list ciscocp_vpn_xauth_ml_1

gateway gateway_1 domain vpn

max-users 20

inservice

!

end

