IP Phone SSL VPN through ASA

IPsec, L2TP, Split tunneling, PPTP and all other VPN related posts.
Post Reply
Guest

IP Phone SSL VPN through ASA

Post by Guest » Thu Aug 26, 2010 3:50 pm

Im in the middle of configuring Ip Phone SSL VPN through ASA, got stuck on authentication.. When I enter username and password on the phone screen, i get "Username and password failed" message on the screen. However, in ASA logs I see the following line

 

Feb 16 2011    15:12:57    725002    85.132.43.67    52684            Device completed SSL handshake with client vpn:85.132.*.*/52684

Feb 16 2011    15:17:26    725007    85.132.43.67    52745            SSL session with client vpn:85.132.*.*/52745 terminated.

 

What does it mean?  How can I turn on debugging to see what is going on?

 

Thank you in advance!


Guest

Re:IP Phone SSL VPN through ASA

Post by Guest » Thu Aug 26, 2010 4:13 pm

Hi,

 

If you e not using certificates in client authentication then the SSL handshake will complete before the user is requested to authenticate with username/password.  If this authentication request fails you will see the SSL session terminated immediately following this failure (as in the logs you provided).  Notice the 5 seconds between the SSL session establishment and termination, this is most likely when the user is being authenticated against the aaa server.  If the phone is failing authentication against an external aaa-server youll want to investigate the logs on that server to determine the root cause of the failure.  The ASA can also provide confirmation of the authentication request/reject with the command show aaa-server.  If you want to see whats going on at an authentication protocol level you can enable several debugs including "debug aaa authentication|common|internal and protocol specific debugs such as debug radius user|session|all or debug ldap.

 

Did this answer your question? If so, please mark it Answered!


Guest

Re:IP Phone SSL VPN through ASA

Post by Guest » Thu Aug 26, 2010 5:24 pm

Thank you Jeffrey, I already managed to solve it myself, thank you anyway!


Post Reply