IOS SSL VPN

9 replies [Last post]
pikas
Joined: 2011-07-30
Posts: 48

Hello,
I have configured IOS SSL VPN clientless mode (WebVPN) on my Cisco router and I am facing an issue: I can't browse any HTTPS pages. With HTTP everything works just fine.
The error message is: "Failed to validate server certificate". Has anyone found a working solution?
Thanks in advance,

Adam
Site Admin
Joined: 2010-01-16
Posts: 144

Can you post your config so we can review it?

pikas
Joined: 2011-07-30
Posts: 48

Sure, here it is:

...
webvpn gateway gateway_1
 ip address 193.219.xxx.xxx port 443
 http-redirect port 80
 ssl trustpoint TP-self-signed-4051062895
 inservice
 !
webvpn context test
 secondary-color white
 title-color #CCCC66
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
 default-group-policy policy_1
 aaa authentication list default
 gateway gateway_1
 inservice
!
...

P.S. Thanks for the response ;). I must admit that with ASA there is no such problem.

Adam
Site Admin
Joined: 2010-01-16
Posts: 144

What client browser and OS are you using to test?

pikas
Joined: 2011-07-30
Posts: 48

OS: WinXP; Win7
Browsers: IE8; IE9; Mozilla and Chrome

Adam
Site Admin
Joined: 2010-01-16
Posts: 144

Are you using a self-signed certificate or one from a trusted CA?

My first thought is the browser does not trust self-signed certificates. Try temporarily disabling the security settings on the browser and test the connection again. Then be sure to re-enable the security settings. If the connection works, then the issue is the self-signed cert.

Alternatively, if you have a Certificate Authority (CA) server set up on your network, you can generate a cert and import it on the router. Or you can always buy an official cert if this is going to be on the Internet. Either of these methods should circumvent the security setting issue in the browser if the CA is trusted in your browser settings.

Let me know the results of trying these suggestions. If it still doesn't work, I'll need more information such as full config files (minus the passwords) and browser settings.

pikas
Joined: 2011-07-30
Posts: 48

I turned off the browser (Mozilla) security parameters and there was no change.
Yes, I'm using a self-signed certificate. I don't have a CA server.

I think it is the router that is trying to authenticate every HTTPS site and failing. Frankly speaking, I was hoping that someone would suggest how to turn this validation off (I believe ASA has this option) so the router wouldn't check any certificates.

But it's a good idea to try to import the HTTPS cert onto the router. I'll definitely try it and let you know.

Thanks,
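
A small config audit in the spirit of this thread, added here as an example and not code from either poster: it parses a webvpn gateway/context config shaped like the one pikas posted and flags the two settings the discussion turns on, the self-signed trustpoint Adam asks about and the ssl authenticate verify all line, which is assumed (the thread does not confirm it) to be what makes the router validate back-end HTTPS server certificates. The sample config, address and trustpoint serial are constructed.

```python
import re
from typing import Dict, List

# Constructed sample shaped like the config posted above; address and trustpoint
# serial are placeholders, not values from any real router.
SAMPLE_CONFIG = """\
webvpn gateway gateway_1
 ip address 192.0.2.10 port 443
 ssl trustpoint TP-self-signed-4051062895
 inservice
 !
webvpn context test
 ssl authenticate verify all
 !
 policy group policy_1
 gateway gateway_1
 inservice
"""

def parse_webvpn_blocks(config: str) -> Dict[str, List[str]]:
    """Map 'gateway:<name>' / 'context:<name>' to the indented sub-commands of that block."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":          # blank lines and '!' separators carry no config
            continue
        if not raw.startswith(" "):          # unindented: a new webvpn block or unrelated command
            m = re.match(r"webvpn (gateway|context) (\S+)$", text)
            current = f"{m.group(1)}:{m.group(2)}" if m else None
            continue
        if current:
            blocks.setdefault(current, []).append(text)
    return blocks

def audit_webvpn(config: str) -> List[str]:
    """Flag a gateway serving the router's self-signed certificate and a context that
    verifies back-end server certificates (assumed effect of 'ssl authenticate verify all')."""
    findings: List[str] = []
    for key, cmds in parse_webvpn_blocks(config).items():
        kind, name = key.split(":", 1)
        for cmd in cmds:
            if kind == "gateway" and cmd.startswith("ssl trustpoint TP-self-signed-"):
                findings.append(f"gateway {name}: self-signed trustpoint {cmd.split()[-1]}; "
                                "browsers will warn unless the certificate is imported as trusted")
            elif kind == "context" and cmd == "ssl authenticate verify all":
                findings.append(f"context {name}: verifies back-end HTTPS server certificates, "
                                "so each server's issuing CA must be trusted by the router")
    return findings
```

Run it against a real running-config excerpt to see which contexts will validate back-end certificates before deciding whether to import the servers' CA or issue the gateway a CA-signed certificate.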

Adam
Site Admin
Joined: 2010-01-16
Posts: 144

Another thought is to try regenerating the cert on the router. I've had issues with ssh not working due to bad certs.

I'll see if I can set this up in a lab and let you know the results in a few days.

pikas
Joined: 2011-07-30
Posts: 48

Hello again Adam,

I'm a bit lost in this world of certificates. I can't export the cert from the browser to the router because the private keys are non-exportable, or I don't understand something. Anyway, if you have any ideas, please share them with me ;).

Adam
Site Admin
Joined: 2010-01-16
Posts: 144

Read through today's post and let me know if this helps.

http://tekcert.com/blog/2011/08/05/configuring-clientless-ssl-vpn-webvpn...
