
SSL/EzVPN Help


greenemk

Technical User
Aug 16, 2006
16
US
I have the following setup for ezvpn and sslvpn on my router. The ezvpn connects fine, but I am unable to reach any resources that are behind the router once connected. It seems like a NAT problem, but I "think" I have that portion taken care of. As far as the SSL problem, when I try to connect to the configured site (ddns registered/sslvpn) the page just remains blank and I receive the following errors below.


Thanks
MG

WAN_GW#sh run
Building configuration...

Current configuration : 8911 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname WAN_GW
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
enable secret 5
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network vpn_group_ml_1 local
aaa authorization network vpn_group_ml_2 local
!
!
aaa session-id common
memory-size iomem 5
clock timezone CST -6
!
crypto pki trustpoint TP-self-signed-2369645874
enrollment selfsigned
serial-number
subject-name cn=IOS-Self-Signed-Certificate-2369645874
revocation-check none
rsakeypair TP-self-signed-2369645874
!
!
crypto pki certificate chain TP-self-signed-2369645874
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32333639 36343538 3734301E 170D3131 30313232 30313535
34375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33363936
34353837 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009F7D 5F1E3513 5339E889 20449970 AB66CD32 B745148B D5717358 7DAB8108
808FD4FF FAAFF822 5428EE11 D14A062B 1643BA90 FC3C6DC4 6FF4FFB9 B7B8EADA

quit
dot11 syslog
no ip source-route
!
!
ip dhcp excluded-address 10.0.10.1 10.0.10.10
!
ip dhcp pool LAN
utilization mark high 10 log
network 10.0.10.0 255.255.255.0
default-router 10.0.10.1
dns-server 209.18.47.62 209.18.47.61
!
ip dhcp pool iPhone
host 10.0.10.200 255.255.255.0
hardware-address 6033.4bfa.9d2a
client-name iPhone
!
!
ip cef
no ip bootp server
ip name-server 209.18.47.62
ip name-server 209.18.47.61
ip inspect log drop-pkt
ip inspect name fw_rule http
ip inspect name fw_rule https
ip inspect name fw_rule smtp
ip inspect name fw_rule pop3
ip inspect name fw_rule dns
ip inspect name fw_rule h323
ip inspect name fw_rule netshow
ip inspect name fw_rule rcmd
ip inspect name fw_rule tcp timeout 30
ip inspect name fw_rule udp timeout 15
ip inspect name fw_rule icmp
ip inspect name fw_rule rtsp
ip inspect name fw_rule bittorrent
ip ddns update method DYNDNS
HTTP
add interval maximum 0 1 0 0
!
no ipv6 cef
ntp source FastEthernet1
!
multilink bundle-name authenticated
!
password encryption aes
!
!
username mg privilege 15 secret
!
crypto logging ezvpn
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
crypto isakmp client configuration address-pool local REMOTE
!
crypto isakmp client configuration group RAS
key xxxxxxxxxx
dns 209.18.47.62 209.18.47.61
pool REMOTE
acl 103
save-password
netmask 255.255.255.0
banner ^CCMG LAN ^C
crypto isakmp profile MG
match identity group RAS
client authentication list vpn_xauth_ml_2
isakmp authorization list vpn_group_ml_2
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set VPN esp-aes esp-sha-hmac
!
crypto ipsec profile VPN-IPSEC
set transform-set VPN
set isakmp-profile MG
!
!
crypto ctcp port 10000
archive
log config
hidekeys
!
!
!
!
!
interface Loopback0
description SSL VPN
ip address 172.5.0.1 255.255.255.0
!
interface Loopback1
description REMOTE VPN
ip address 172.10.10.1 255.255.255.0
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1
description $ETH-WAN$$FW_OUTSIDE$
ip ddns update hostname greenemk.dyndns.org
ip ddns update DYNDNS
ip address dhcp
ip access-group outside in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet4
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN-IPSEC
!
interface Vlan1
description $FW_INSIDE$
ip address 10.0.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
ip local pool REMOTE 172.10.10.2 172.10.10.10
ip local pool SSLVPN 172.5.0.2 172.5.0.5
ip forward-protocol nd
ip http server
ip http access-class 2
ip http secure-server
!
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 30
!
ip nat inside source static tcp 172.5.0.1 443 interface FastEthernet1 443
ip nat inside source static tcp 172.5.0.1 80 interface FastEthernet1 80
ip nat inside source static tcp 10.0.10.5 5354 interface FastEthernet1 5354
ip nat inside source static udp 10.0.10.5 5353 interface FastEthernet1 5353
ip nat inside source static tcp 10.0.10.5 9969 interface FastEthernet1 9969
ip nat inside source static tcp 10.0.10.5 5900 interface FastEthernet1 5900
ip nat inside source static udp 10.0.10.5 5900 interface FastEthernet1 5900
ip nat inside source static udp 10.0.10.5 3283 interface FastEthernet1 3283
ip nat inside source static tcp 10.0.10.5 3283 interface FastEthernet1 3283
ip nat inside source static tcp 10.0.10.5 22 interface FastEthernet1 22
ip nat inside source static tcp 10.0.10.20 5001 interface FastEthernet1 5001
ip nat inside source route-map rmap_nat interface FastEthernet1 overload
!
ip access-list standard internal_net
permit 10.0.0.0 0.0.0.255
!
ip access-list extended nat_acl
deny ip 10.0.10.0 0.0.0.255 172.10.10.0 0.0.0.255
permit ip 10.0.10.0 0.0.0.255 any
ip access-list extended outside
permit tcp any any established
permit tcp any any eq 22
permit tcp any any eq 9969
permit udp host 216.136.156.75 eq 12000 any
permit tcp any any eq 443
permit tcp any any eq 5900
permit tcp any any eq 1723
permit udp any any eq 3283
permit tcp any any eq 5354
permit tcp any any eq 123
permit udp any any eq 5353
permit udp any any eq ntp
permit udp any eq ntp any
permit gre any any
permit udp any eq 3074 any
permit tcp any eq 3074 any
permit udp any any eq 3074
permit tcp any any eq 5001
permit udp any any eq 5001
permit udp any any eq bootps
permit udp any any eq bootpc
permit udp any eq domain any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
deny ip any any log
!
access-list 103 permit ip 10.0.10.0 0.0.0.255 172.10.10.0 0.0.0.255
!
!
!
!
route-map rmap_nat permit 10
match ip address nat_acl
!
!
!
control-plane
!
banner login ^CCCCCTHIS IS MY SHIT...ACCESS IS DENIED!!!!^C
!
line con 0
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
!
webvpn gateway SSL_GATEWAY
ip address 172.5.0.1 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-2369645874
logging enable
inservice
!
webvpn install svc flash:/webvpn/sslclient-win-1.1.4.176.pkg sequence 1
!
webvpn install csd flash:/webvpn/sdesktop.pkg
!
webvpn context SecureMeContext
title "My SSL VPN Service"
secondary-color #C0C0C0
title-color #808080
ssl authenticate verify all
!
login-message "Welcome to My VPN"
!
policy group SSLPolicy
functions svc-enabled
svc address-pool "sslvpnpool"
svc keep-client-installed
default-group-policy SSLPolicy
aaa authentication list vpn_xauth_ml_1
gateway SSL_GATEWAY domain SSLVPN
max-users 10
inservice
!
end


*******************************************************
SSL VPN ERRORS




002692: *Jan 26 21:35:47.564 CST: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSL_GATEWAY i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 166.205.12.71:62075
002693: *Jan 26 21:35:47.564 CST: WV: sslvpn process rcvd context queue event
002694: *Jan 26 21:35:47.564 CST: WV: sslvpn process rcvd context queue event
002695: *Jan 26 21:35:49.968 CST: WV: sslvpn process rcvd context queue event
002696: *Jan 26 21:35:49.968 CST: WV: Entering APPL with Context: 0x85D83B90,
Data buffer(buffer: 0x870E2008, data: 0x16D0BC95, len: 372,
offset: 0, domain: 0)
002697: *Jan 26 21:35:49.968 CST: WV: http request: /sslvpn with no cookie
002698: *Jan 26 21:35:49.968 CST: WV: Client side Chunk data written..
buffer=0x870E1FE8 total_len=135 bytes=135 tcb=0x871C87E8
002699: *Jan 26 21:35:49.968 CST: WV: sslvpn process rcvd context queue event
002700: *Jan 26 21:35:54.660 CST: WV: sslvpn process rcvd context queue event
002701: *Jan 26 21:35:54.660 CST: WV: Entering APPL with Context: 0x85D83B90,
Data buffer(buffer: 0x870E2008, data: 0x16D0A915, len: 335,
offset: 0, domain: 0)
002702: *Jan 26 21:35:54.660 CST: WV: http request: /favicon.ico with no cookie
002703: *Jan 26 21:35:54.660 CST: WV: Client side Chunk data written..
buffer=0x870E1FE8 total_len=135 bytes=135 tcb=0x871C87E8
002704: *Jan 26 21:35:54.660 CST: WV: sslvpn process rcvd context queue event
002705: *Jan 26 21:36:25.677 CST: WV: sslvpn process rcvd context queue event
002706: *Jan 26 21:36:25.677 CST: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: SSL_GATEWAY i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 166.205.12.71:62075
002707: *Jan 26 21:37:15.395 CST: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: SSL_GATEWAY i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 166.205.12.71:63482
002708: *Jan 26 21:37:39.531 CST: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: SSL_GATEWAY i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 166.205.12.71:1348
002709: *Jan 26 21:37:57.064 CST: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSL_GATEWAY i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 166.205.12.71:1618
002710: *Jan 26 21:37:57.064 CST: WV: sslvpn process rcvd context queue event
002711: *Jan 26 21:37:57.068 CST: WV: sslvpn process rcvd context queue event
002712: *Jan 26 21:37:58.960 CST: WV: sslvpn process rcvd context queue event
002713: *Jan 26 21:37:58.960 CST: WV: Entering APPL with Context: 0x85D83B90,
Data buffer(buffer: 0x870E2008, data: 0x172052F5, len: 398,
offset: 0, domain: 0)
002714: *Jan 26 21:37:58.960 CST: WV: http request: /sslvpn with no cookie
002715: *Jan 26 21:37:58.960 CST: WV: Client side Chunk data written..
buffer=0x870E1FE8 total_len=135 bytes=135 tcb=0x85CAC4F0
002716: *Jan 26 21:37:58.960 CST: WV: sslvpn process rcvd context queue event
002717: *Jan 26 21:38:02.520 CST: WV: sslvpn process rcvd context queue event
002718: *Jan 26 21:38:02.520 CST: WV: Entering APPL with Context: 0x85D83B90,
Data buffer(buffer: 0x870E2008, data: 0x17204C75, len: 361,
offset: 0, domain: 0)
002719: *Jan 26 21:38:02.520 CST: WV: http request: /favicon.ico with no cookie
002720: *Jan 26 21:38:02.520 CST: WV: Client side Chunk data written..
buffer=0x870E1FE8 total_len=135 bytes=135 tcb=0x85CAC4F0
002721: *Jan 26 21:38:02.520 CST: WV: sslvpn process rcvd context queue event
002722: *Jan 26 21:38:27.781 CST: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSL_GATEWAY i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 166.205.12.71:2236
002723: *Jan 26 21:38:27.781 CST: WV: sslvpn process rcvd context queue event
002724: *Jan 26 21:38:27.785 CST: WV: Entering APPL with Context: 0x85D83968,
Data buffer(buffer: 0x870E2008, data: 0x17203C18, len: 434,
offset: 0, domain: 0)
002725: *Jan 26 21:38:27.785 CST: WV: http request: /sslvpn with no cookie
002726: *Jan 26 21:38:27.785 CST: WV: Client side Chunk data written..
buffer=0x870E1FE8 total_len=135 bytes=135 tcb=0x871C87E8
002727: *Jan 26 21:38:27.785 CST: WV: sslvpn process rcvd context queue event
002728: *Jan 26 21:38:28.625 CST: WV: sslvpn process rcvd context queue event
002729: *Jan 26 21:38:28.629 CST: WV: Entering APPL with Context: 0x85D83968,
Data buffer(buffer: 0x870E2008, data: 0x17204C58, len: 352,
offset: 0, domain: 0)
002730: *Jan 26 21:38:28.629 CST: WV: http request: /favicon.ico with no cookie
002731: *Jan 26 21:38:28.629 CST: WV: Client side Chunk data written..
buffer=0x870E1FE8 total_len=135 bytes=135 tcb=0x871C87E8
002732: *Jan 26 21:38:28.629 CST: WV: sslvpn process rcvd context queue event
002733: *Jan 26 21:38:32.425 CST: WV: sslvpn process rcvd context queue event
002734: *Jan 26 21:38:32.425 CST: %SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: SSL_GATEWAY i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote

CCNA, CCNP, Sec+
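One thing worth doing before chasing NAT or TLS symptoms in a config like the one posted above is a plain cross-reference pass: every pool, ACL and interface a line points at should actually exist. The script below is an added example, not part of greenemk's post or anything from Cisco; it reads an IOS-style running config and lists references whose target is never defined. The sample input is a constructed, trimmed copy of the posted config with the block indentation (which the forum stripped) restored, and the handful of IOS command forms it recognises are an assumption chosen to cover just the statements that appear in that config.

```python
import re

# Constructed sample: a trimmed copy of the config posted above, with the
# block indentation that the forum stripped restored so blocks can be parsed.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 172.5.0.1 255.255.255.0
!
interface FastEthernet4
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-IPSEC
!
interface Vlan1
 ip address 10.0.10.1 255.255.255.0
!
ip local pool REMOTE 172.10.10.2 172.10.10.10
ip local pool SSLVPN 172.5.0.2 172.5.0.5
ip http server
ip http access-class 2
!
crypto isakmp client configuration group RAS
 pool REMOTE
 acl 103
access-list 103 permit ip 10.0.10.0 0.0.0.255 172.10.10.0 0.0.0.255
webvpn context SecureMeContext
 policy group SSLPolicy
  svc address-pool "sslvpnpool"
 default-group-policy SSLPolicy
"""

# (kind, regex) pairs: the command forms (an assumed subset of IOS syntax)
# that reference a named object, and the kind of definition they must resolve to.
REFERENCE_PATTERNS = [
    ("pool", re.compile(r'^svc address-pool "?([^"\s]+)"?')),
    ("pool", re.compile(r"^pool (\S+)")),
    ("acl", re.compile(r"^acl (\S+)")),
    ("acl", re.compile(r"^ip http access-class (\S+)")),
    ("acl", re.compile(r"^ip access-group (\S+)")),
    ("addressed_interface", re.compile(r"^ip unnumbered (\S+)")),
]


def parse_config(text):
    """Return (definitions, references) gathered from a running-config text."""
    defs = {"pool": set(), "acl": set(), "addressed_interface": set()}
    refs = []
    current_iface = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line == "!":
            current_iface = None          # "!" closes an interface block
            continue
        if not raw[0].isspace():
            current_iface = None          # any top-level command ends the block
        if m := re.match(r"^interface (\S+)", line):
            current_iface = m.group(1)
            continue
        # Definitions: pools, numbered and named ACLs, interfaces that own an address.
        if m := re.match(r"^ip local pool (\S+)", line):
            defs["pool"].add(m.group(1))
        elif m := re.match(r"^access-list (\d+)", line):
            defs["acl"].add(m.group(1))
        elif m := re.match(r"^ip access-list (?:standard|extended) (\S+)", line):
            defs["acl"].add(m.group(1))
        elif current_iface and re.match(r"^ip address \S", line):
            defs["addressed_interface"].add(current_iface)
        # References: recorded with their line number so findings are actionable.
        for kind, pattern in REFERENCE_PATTERNS:
            if m := pattern.match(line):
                refs.append({"line": lineno, "kind": kind, "ref": m.group(1), "text": line})
    return defs, refs


def check_config(text):
    """Return every reference whose target is not defined anywhere in the config."""
    defs, refs = parse_config(text)
    return [r for r in refs if r["ref"] not in defs[r["kind"]]]


if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONFIG):
        print(f'line {finding["line"]}: {finding["kind"]} "{finding["ref"]}" '
              f'not defined  <-  {finding["text"]}')
```

Run against the sample, the checker reports three dangling references: `svc address-pool "sslvpnpool"` while the only pools defined are REMOTE and SSLVPN, `ip http access-class 2` with no access-list 2 anywhere, and `ip unnumbered FastEthernet4` borrowing an address from an interface that has none. Whether each of those is the cause of a particular symptom is a separate question, but none of them can be what the author intended, and resolving them first removes noise from the SSL and NAT troubleshooting.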
 