Hello,
I have a Cisco 877 running IOS 12.4(15)T6 "C870-ADVIPSERVICESK9-M" and I need to configure a full-tunnel SSL VPN; from what I have read, this IOS should by default allow two SSL tunnels.
Below I attach my trimmed config:
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime year
service timestamps log datetime localtime year
service password-encryption
service sequence-numbers
!
hostname gw
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$Oygg$Qxo9GKT3uuZ3fPhqsOKLn.
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common
clock timezone met 1
clock summer-time MET+1 recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-3898458434
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3898458434
revocation-check none
rsakeypair TP-self-signed-3898458434
!
!
crypto pki certificate chain TP-self-signed-3898458434
certificate self-signed 01
308201FC 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
4F312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383938 34353834 3334311C 301A0609 2A864886 F70D0109
02160D67 772E6661 72737061 2E636F6D 301E170D 30393033 30393133 3334343
dot11 syslog
no ip source-route
ip cef
!
!
!
!
no ip bootp server
ip domain name XXXXXXXXXXX
ip name-server 10.0.0.201
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username XXXXX privilege 15 password 7 XXXXXXXXXXXXXXF175F
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh authentication-retries 2
!
!
!
interface Loopback0
description GATEWAY
ip address XXXXXXX 255.255.255.255
!
interface Loopback1
description IP per XXXX
ip address XXXXX 255.255.255.255
!
interface Loopback2
description IP per XXXX
ip address XXXXXX 255.255.255.255
!
interface Loopback3
ip address "indirizzo su cui risponde sslvn" 255.255.255.255
!
interface Loopback4
ip address 10.0.4.1 255.255.255.0
!
interface ATM0
mtu 1500
no ip address
no ip redirects
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address xxxxxxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address xxxxxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
hold-queue 100 out
!
ip local pool sslpool 10.0.4.2 10.0.4.11
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 101 interface Loopback0 overload
!
!
no cdp run
!
!
!
!
control-plane
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 0 0
transport preferred ssh
transport input ssh
transport output ssh
!
scheduler max-task-time 5000
sntp server xxxxxxxxxxxxx
!
webvpn gateway gateway_1
ip address "IP pubblico ssl vpn" port 443
http-redirect port 80
ssl trustpoint TP-self-signed-3898458434
inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn context intranet
secondary-color white
title-color #669999
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "sslpool"
svc keep-client-installed
svc rekey method new-tunnel
default-group-policy policy_1
aaa authentication list sdm_vpn_xauth_ml_1
gateway gateway_1
inservice
!
end
I hope I have not removed too much of the configuration.
When I connect to the Cisco with IE7 the SSL VPN page appears and I authenticate correctly; I choose the Tunnel Connection option, the Cisco SSL VPN CLIENT for WEBVPN gets installed and then it returns the following message:
"The SSL VPN connection was terminated by the remote peer and could not be automatically re-established ....."
I checked the debug on the Cisco and found the following anomaly, which I honestly do not understand:
Mar 9 2009 16:31:04: WV: Entering APPL with Context: 0x84837088,
Mar 9 16:31:05 gw 10492: Data buffer(buffer: 0x84A161B0, data: 0x07848418, len: 304,
Mar 9 16:31:05 gw 10493: offset: 0, domain: 0)
Mar 9 16:31:05 gw 10494: 006616: Mar 9 2009 16:31:04: WV: Appl. processing Failed : 2
Mar 9 16:31:05 gw 10495: 006617: Mar 9 2009 16:31:04: WV: server side not ready to send.
Can someone give me a hint? I have already tried both the Cisco site and searching the web but found nothing.
Thanks
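Added here as a diagnostic aid, not part of the post or of any Cisco tooling: a Python check that walks the WebVPN section of an IOS config and reports references to objects that are not defined anywhere in it. The sample config is an excerpt of the configuration posted above; the AAA list `sdm_vpn_xauth_ml_1` is referenced by the context but not defined in the excerpt, which may simply be part of what the poster trimmed.

```python
import ipaddress
import re

# Excerpt of the configuration posted above (constructed sample for this check).
SAMPLE_CONFIG = """
aaa authentication login default local
crypto pki trustpoint TP-self-signed-3898458434
interface Loopback4
 ip address 10.0.4.1 255.255.255.0
!
ip local pool sslpool 10.0.4.2 10.0.4.11
webvpn gateway gateway_1
 ssl trustpoint TP-self-signed-3898458434
 inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn context intranet
 policy group policy_1
  functions svc-enabled
  svc address-pool "sslpool"
 default-group-policy policy_1
 aaa authentication list sdm_vpn_xauth_ml_1
 gateway gateway_1
 inservice
"""

def _all(pattern, text):
    return re.findall(pattern, text, re.M)

def check_webvpn_refs(config):
    """Return a list of dangling references in the WebVPN part of an IOS config."""
    findings = []
    aaa_lists = set(_all(r"^\s*aaa authentication login (\S+)", config))
    trustpoints = set(_all(r"^\s*crypto pki trustpoint (\S+)", config))
    gateways = set(_all(r"^\s*webvpn gateway (\S+)", config))
    pools = {n: (lo, hi) for n, lo, hi in _all(r"^\s*ip local pool (\S+) (\S+) (\S+)", config)}
    # Subnets of every interface with a literal IPv4 address/mask (placeholders are skipped).
    subnets = [ipaddress.ip_interface(f"{a}/{m}").network for a, m in
               _all(r"^\s*ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$", config)]
    checks = [("aaa list", r"^\s*aaa authentication list (\S+)", aaa_lists),
              ("trustpoint", r"^\s*ssl trustpoint (\S+)", trustpoints),
              ("gateway", r"^\s*gateway (\S+)", gateways)]
    for kind, pattern, defined in checks:
        findings += [f"{kind} {n} referenced but never defined" for n in _all(pattern, config) if n not in defined]
    for name in _all(r'^\s*svc address-pool "?([^"\s]+)"?', config):
        if name not in pools:
            findings.append(f"pool {name} referenced but never defined")
            continue
        lo, hi = (ipaddress.ip_address(x) for x in pools[name])
        if not any(lo in net and hi in net for net in subnets):
            findings.append(f"pool {name} ({lo}-{hi}) is not inside any configured interface subnet")
    if "functions svc-enabled" in config and not _all(r"^\s*webvpn install svc ", config):
        findings.append("svc-enabled but no 'webvpn install svc' package is installed")
    return findings
```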
SSL VPN CLIENT for WEBVPN tunnel connection cisco 877
Moderator: Federico.Lagni
How sad these latest IOS releases are... full of bugs...
Unfortunately we are in the same situation with the firewalls too...
- zot
Yeah... I am still trying to find a good one for EzVPN....
