I'm in the middle of configuring IP Phone SSL VPN through ASA, got stuck on authentication. When I enter username and password on the phone screen, I get "Username and password failed" message on the screen. However, in ASA logs I see the following lines:
Feb 16 2011 15:12:57 725002 22.214.171.124 52684 Device completed SSL handshake with client vpn:85.132.*.*/52684
Feb 16 2011 15:17:26 725007 126.96.36.199 52745 SSL session with client vpn:85.132.*.*/52745 terminated.
What does it mean? How can I turn on debugging to see what is going on?
Thank you in advance!
e not using certificates in client authentication then the SSL handshake will complete before the user is requested to authenticate with username/password. If this authentication request fails you will see the SSL session terminated immediately following this failure (as in the logs you provided). Notice the 5 seconds between the SSL session establishment and termination; this is most likely when the user is being authenticated against the aaa server. If the phone is failing authentication against an external aaa-server you'll want to investigate the logs on that server to determine the root cause of the failure. The ASA can also provide confirmation of the authentication request/reject with the command "show aaa-server". If you want to see what's going on at an authentication protocol level you can enable several debugs including "debug aaa authentication|common|internal" and protocol-specific debugs such as "debug radius user|session|all" or "debug ldap".
Did this answer your question? If so, please mark it Answered!
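The handshake-then-terminate pattern described in the answer above can be pulled out of a log export by pairing message 725002 with message 725007 for the same client address and port. This is an added example, not part of the original thread: the function name `short_sessions`, the 30-second threshold and the sample lines (documentation addresses) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines in the layout the question's log excerpt uses
# (date, message ID, address, port, text); addresses are documentation ranges.
SAMPLE_LOG = """\
Feb 16 2011 15:12:57 725002 198.51.100.7 52684 Device completed SSL handshake with client vpn:198.51.100.7/52684
Feb 16 2011 15:13:02 725007 198.51.100.7 52684 SSL session with client vpn:198.51.100.7/52684 terminated.
Feb 16 2011 15:14:10 725002 198.51.100.9 40001 Device completed SSL handshake with client vpn:198.51.100.9/40001
Feb 16 2011 15:44:10 725007 198.51.100.9 40001 SSL session with client vpn:198.51.100.9/40001 terminated.
Feb 16 2011 15:50:00 725007 198.51.100.7 52745 SSL session with client vpn:198.51.100.7/52745 terminated.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (?P<msgid>725002|725007) .*?"
    r"client (?P<ifc>[^:\s]+):(?P<ip>[\d.]+)/(?P<port>\d+)"
)

def short_sessions(log_text, threshold_s=30):
    """Pair 725002 (handshake done) with 725007 (terminated) per client ip/port.

    Returns (short, unmatched): sessions that ended within threshold_s seconds
    of the handshake (assumed cut-off), and terminations with no handshake seen.
    """
    open_sessions, short, unmatched = {}, [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        key = (m["ip"], int(m["port"]))
        if m["msgid"] == "725002":
            open_sessions[key] = ts
        elif key in open_sessions:
            lifetime = (ts - open_sessions.pop(key)).total_seconds()
            if lifetime <= threshold_s:
                short.append((key, lifetime))
        else:
            unmatched.append(key)
    return short, unmatched

if __name__ == "__main__":
    short, unmatched = short_sessions(SAMPLE_LOG)
    for (ip, port), secs in short:
        print(f"{ip}:{port} closed {secs:.0f}s after handshake: check AAA result")
    for ip, port in unmatched:
        print(f"{ip}:{port} terminated with no handshake in this excerpt")
```

A termination that pairs with no handshake means the two log lines belong to different connections, so the time between them says nothing about how long authentication took.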
Thank you Jeffrey, I already managed to solve it myself, thank you anyway!