I am just getting started with Cisco IOS. I have a Cisco 881 security router and would like to set up remote access with SSL VPN. I have been playing around on it to see if I can get the VPN to work. I left a number of settings at the default.
At this point, I can connect to the outside interface with Firefox and it prompts me to accept the self-signed certificate. After I accept the cert, I get a message saying the connection was reset. On Chrome, I get "no data received" and the exact error is: ERR_EMPTY_RESPONSE.
Here is the config:
yourname#sh run
Building configuration...

Current configuration : 3630 bytes
!
! Last configuration change at 06:09:23 UTC Tue Feb 4 2014 by chris
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-2639227812
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2639227812
 revocation-check none
 rsakeypair TP-self-signed-2639227812
!
crypto pki certificate chain TP-self-signed-2639227812
 certificate self-signed 01
  ! certificate data omitted
  quit
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
license udi pid CISCO881-K9 sn FTX180180QM
!
username chris password 0 XXXXXX
!
crypto vpn anyconnect flash:/webvpn/anyconnect-win-3.1.03103-k9.pkg sequence 1
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 ip address 74.74.74.74 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH_LAN$
 ip address 10.10.10.1 255.255.255.248
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
webvpn gateway yourname
 hostname yourname
 ip address 74.74.74.74 port 443
 http-redirect port 80
 ssl trustpoint TP-self-signed-2639227812
 inservice
!
webvpn context Cisco-WebVPN
 title "SSL VPN"
 !
 acl "ssl-acl"
   permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
 login-message "Welcome"
 !
 ssl authenticate verify all
 inservice
!
end