No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Users' Unsuccessful Login to the SSL VPN Gateway

Users' Unsuccessful Login to the SSL VPN Gateway

Common Causes

NOTE:

AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 serves as a Secure Sockets Layer (SSL) virtual private network (VPN) gateway.

This fault is commonly caused by one of the following:

  • There is no reachable route between the user and AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600, so the user and AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 cannot ping each other.
  • The browser installed on the remote terminal is either Internet Explorer or Firefox. The installed browser does not support JavaScript or enable the cookie function.
  • AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 does not load the web.zip package containing an sslpvn folder.
  • The Hypertext Transfer Protocol Secure (HTTPS) is not completely configured on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600.
  • The virtual gateway is not completely configured on the AR100&AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600.
  • A user does not enter the correct user name or password.

Troubleshooting Flowchart

Figure 25-9 shows the troubleshooting flowchart.

Figure 25-9  Troubleshooting flowchart used when a user fails to log in to the SSL VPN gateway

Troubleshooting Procedure

Context

NOTE:

Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide technical support personnel.

Procedure

  1. Check whether the virtual gateway is completely configured on the device.

    • If the web page for login is displayed but no virtual gateway is available, run the display sslvpn gateway [ gateway-name ] command to check whether the virtual gateway function is enabled and the entered IP address is the same as that of the corresponding extranet interface.
    • If the virtual gateway is completely configured on the device and the fault persists, go to step 2.

  2. Check whether there is a reachable route between the user and device using ping.

    • If the ping operation fails, rectify the route fault according to The Ping Operation Fails.
    • If the ping operation succeeds, go to step 3.

  3. Check the browser on the remote terminal.

    The browser on the remote terminal must meet the following requirements:

    • Version: Internet Explorer 6.0 or later versions or Firefox 3.0 or later versions
    • Enabled with the JavaScript function
    • Enabled with the cookie function

    If the browser meets these requirements and the fault persists, go to step 4.

  4. Check whether the device has loaded the web.zip package containing an sslvpn folder.

    Run the display current-configuration command in any view to check whether the device has loaded the web.zip package containing an sslvpn folder.

    If the following message is displayed, the device has loaded the web.zip package containing an sslvpn folder.

    <Huawei> display current-configuration
     ...
     http server load web.zip
     ...
    NOTE:

    The administrator can define the web.zip package name, but the web.zip package must contain a folder named sslvpn.

    If the device does not load the web.zip package containing an sslvpn folder, run the http server load command.

    If the device has loaded the web.zip package containing an sslvpn folder and the fault persists, go to step 5.

  5. Check whether Hypertext Transfer Protocol Secure (HTTPS) is completely configured on the device.

    NOTE:

    Ensure that the device has obtained a digital certificate. If the device has not obtained a digital certificate, obtain a digital certificate according to PKI Troubleshooting.

    Run the display current-configuration command in any view to check whether HTTPS is completely configured on the device.

    If the following message is displayed, HTTPS is completely configured on the device.

    <Huawei> display current-configuration
     ...
     http secure-server ssl-policy user                                                            
     http secure-server enable   
     ...
    

    If HTTPS is not completely configured on the device, configure HTTPS according to Security HTTPS Configuration.

    If HTTPS is completely configured on the device and the fault persists, go to step 6.

  6. Check whether the number of online users reaches the maximum number allowed by the virtual gateway or the device.

    Access the web page for login and click Login. The system displays a message indicating that the number of online users reaches the maximum number allowed by the virtual gateway or the device. View the logs to check whether the maximum number of online users is set appropriately and contact the administrator for adjustment.

  7. Check whether the user name and password are correct.

    Enter the web page for login, enter the user name and password, and click Login. If the system displays a message indicating that the user name or password is incorrect, run the display sslvpn gateway gateway-name access-user [ user-name ] command to check whether the entered user name and password are identical with the user information configured on the virtual gateway. If the user name and password are correct, rectify the RADIUS authentication fault according to .

  8. Collect the following information. Contact technical support personnel if the troubleshooting is unsuccessful.

    • Results of the preceding troubleshooting procedure
    • Configuration files, log files, and alarm files

Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 456471

Downloads: 4321

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next