Cisco VPN :: ASA 5505 - AnyConnect 3.1 Captive Portal False Alert Stops Users Connecting?

Dec 29, 2012

I am having problems with a customer's ASA 5505 with Anyconnect 3.1 - it is generating captive portal false-alerts which are stopping users from connecting. This issue began when I upgraded from Anyconnect 2.4 to 3.1, and it appears like this: A user downloads and installs the Anyconnect client and is able to connect fine, to begin with. However, once they reboot their computer and try to reconnect, the VPN session will not come up and they receive the error message below."The service provider in your current location is restricting access to the internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser." 
Reading other posts, it seems this message appears when a captive portal is restricting internet access. It must be a false alert in this case as there is nothing of the sort here. Apparently, Anyconnect 3.1 can generate a false alert like so if the name of the firewall's SSL certificate doesn't match the CName listed on the Client Profile. I've set this up to match, to no avail. Although users can connect by reauthenticating through the SSL VPN login web page, I am stumped as to how to get rid of this captive portal error that pops up when they try to use the Anyconnect client.

View 4 Replies


Cisco VPN :: SSL Port 443 - AnyConnect Captive Portal

Nov 7, 2012

Is there a way to disable this function? I have a client with only a single IP address. SSL port 443 is used for a web server, so Anyconnect SSL is now listening on a different port.

When we changed the port and updated the client profile, the client now thinks there is a captive portal inbetween and requires the user to authenticate first via web. Doing so works fine but is now adding this additional step to the login process.
I don't understand why Anyconnect (knowing from the profile that the VPN client is on another port) is still obviously looking on 443.

View 4 Replies View Related

Cisco Wireless :: How Many Captive Portal Users Can Be Created On WAP321

Feb 23, 2013

I'd like to setup a Captive Portal on our WAP321.  We will probably have 50 users (although there will probably be less than 10 simultaneous users).  What is the maximum number of Captive Portal users (when using the "local" verification option) that I can create on a WAP321?

View 3 Replies View Related

Cisco :: 3845 Router - DFM 3.0.2 False Alert On E1 Controller

Jul 20, 2011

I have the following problem with DFM 3.0.2:
One of my customers has got a Cisco 3845 router with some E1 controllers in it. DFM sometimes generates an alert that says the controllers are flapping, meanwhile there is no syslog, or snmp-trap generated in the router itself. If the cables disconnected/connected, or a shut/no shut command was issued ont the interfaces, the router generates the syslog and snmp-trap as it is required.
So in a nutshell it seems that there is no flapping ont the controller, but for some reason DFM thinks that there was one.
I searched for bugs, but wasn't be able to find anything relevant neither in DFM, nor in the IOS itself (c3845-advsecurityk9-mz.124-24.T2.bin)

View 2 Replies View Related

Cisco Switching/Routing :: ASR 1001 False Environmental Alert

Dec 18, 2011

I have a few new ASR 1001s throwing false environmental alerts.According to the logs, the inlet temp is in excess of 100 degrees C.When I telnet to the routers, they're well within tolerance (30-32C),Running 15.1(1)S and bug toolkit shows no related issues or caveats.

View 1 Replies View Related

Cisco WAN :: Captive Portal On 881 Router

Dec 12, 2011

Configuring captive portal on an 881 router?

View 1 Replies View Related

Cisco Wireless :: Where To Go To Get WAP321 Captive Portal

Mar 5, 2013

where to go to get my WAP321's captive portal. If i type the IP address of the WAP321 it simply takes me into the Administration page.

View 1 Replies View Related

Cisco Wireless :: Captive Portal With Two Or More WAP321

Aug 15, 2012

I plan to use the WAP321 as a WLAN Hotspot. But I need more than one AP. What is the Design for this?
Do I need to configure every WAP321 with the captive portal and the user need to re-login every time they roam to another WAP321?
Or can I redirect all WAP321 AP to one captive portal?

View 6 Replies View Related

Cisco :: 5508 OCSP Through Captive Portal

Jul 23, 2012

We recently applied a 3rd party SSL certificate to our 5508 (running to be used for guest web authentication. It's working, however Mac clients are getting invalid certificate messages. This seems to be due to Mac’s default behavior to use OCSP to validate certificates.. Disabling OCSP via the Keychain causes the cert error to go away. I’m wondering if there is any WLC setting that allows OCSP through the captive portal.

View 6 Replies View Related

Cisco Wireless :: How To Get To WAP321 Captive Portal

Mar 6, 2013

I have configured my WAP321 with captive portal enabled but how to a get to the captive portal. If i browse to its web address and get back into the administration GUI and if i connect to the wireless connection configured on this AP it does the normal wireless login.

View 2 Replies View Related

Cisco Wireless :: WAP321 Captive Portal And IOS 6

Oct 1, 2012

Our iOS6 devices cannot connect to our Cisco Wi-Fi access points using our guest network settings, which involves a captive portal where they must enter their email address. When they select the guest network, they get the screen shown at the bottom of the screen. Prior to iOS6, they'd get the web page where they enter their email address and accept our terms of use. This is happening both on upgraded devices and iPhone 5 devices. We haven't changed anything with the access points.

View 11 Replies View Related

Authenticate Through Captive Portal Using HTTP GET / POST?

Mar 16, 2012

I work at a public library, and our wireless network is controlled with a captive portal. I am using the app Tasker on my Verizon Galaxy Nexus (Android 4.0.3) to do things like automatically silence the phone when it connects to the wireless network. What I'm hoping to do is get it to also automatically authenticate with the captive portal. I know this is possible on a PC, but I'm not sure how to implement it with my phone. Takser allows for using HTTP GET of HTTP POST. With GET I have fields for "Server:Port", "Path", "Attributes", "Timeout", "Mime Type", and "Output File". For POST I have "Server:Port", "Path", "Data", "Timeout", "Content Type", and "Output File". Here is documentation about these two methods:

Quote:HTTP Get Send an HTTP GET request to a webserver.The response code is stored in %HTTPR. A response code of -1 indicates a problem making the request. Any returned data is stored in the variable %HTTPD if the content type is text-based (max 4K).

Example: running a script

Server:Port: [URL] [no port specified, use port 80]
Path: cgi-bin/
Attributes: [must be separated by newlines, no spaces please]


View 17 Replies View Related

Cisco Wireless :: WAP321 Captive Portal User LOG

Dec 6, 2012

We put in place 4 devices. Everything is working five (apple IOS6+ not obv...). So when somebody is connecting he have to read our agreement, enter is full name and check the box. (is not personnal session...)How can i have log his name and access hours???? Because a saw is connected when is connected in live on : Captive Portal>Authenticated Clients .But i want to keep a log with this informations + the date/hour if possible.

View 1 Replies View Related

Cisco Wireless :: WAP321 Captive Portal Redirect

Aug 1, 2012

Another problem with WAP321 access point. I set up the captive portal for guest access. Connexion is going well, I got IP adress, but then, I open my webrowser to authentificate on the captive portal, and I get a nice "404 not found / file not found" page. If I put the IP adress of the access point in my webrowser, I can get the captive portal homepage. Why the redirection is not working automatically

View 16 Replies View Related

Cisco Wireless :: Setting UP Captive Portal On 5508 WLC

Jan 29, 2013

I do know that captive portal could be setup on cisco 5508, such that internet users could login as follows: Username, password , login duration  etc. however i would like to know whether the above configuration would work with just 5508 and MS Active directory. secondly can we upload a customised login web page from which users can login and gain access to the internet ?

View 1 Replies View Related

Cisco Routers :: Does RV220w Have Captive Portal Like RV180w

Jun 1, 2012

Does the cisco rv220w have captive portal like the rv180w does, or will it be supported in future firmware?

View 1 Replies View Related

Cisco Wireless :: Captive Portal On AP 1041 / 1042

Sep 18, 2012

There is WLAN with Nortel APs witha captive portal. We are migrating to a Cisco Solution and we have AP 1041 / 1042
How can I configure Captive Portal in the 1041/1042 APs

View 3 Replies View Related

Cisco VPN :: 5505 Local Users Authenticate To AnyConnect

Jul 16, 2012

I am trying to configure a Cisco ASA 5505 so that users can authenticate via Radius or via a Local account using the Cisco AnyConnect client.  In the AnyConnect Connection profile, the basic tab, it has Authentication Method.  We have this going to an AAA server group with Use Local if Server Group fails option is checked.Each time, I see where the user has failed while attemtping to log in to the domain via the radius servers and thus bypasses the local user database all together.       

View 3 Replies View Related

Cisco Wireless :: Coova Chilli Captive Portal And WLC 5508?

Sep 25, 2012

We are plannig to install a WLC 5508.Actually, there is a Nortel Controller with some Nortel  APs.The controllers use Coova CHILLI captive portal to authenticate. Also the CHILLI server acts as a DHCP server for APs and Wireless clients. The Nortel Control does not authenticate the wireless clients, is used only for AP management. 
My questions are :
1.- Does the Cisco WLC 5508  works with the CHILLI?

2.- Is there any documentation?

View 4 Replies View Related

Cisco Wireless :: WAP321 Captive Portal User List

Jan 23, 2013

We are thinking of buying a WAP321 to use for captive portal.
Is it possible to configure it so that multiple guests and use the same username and password simultaneously?
If we have 10 guests in the office we don't want to configure 10 usernames for them to use.

View 1 Replies View Related

Cisco Wireless :: WAP321 - Radius Authentication For Captive Portal

Aug 1, 2012

I'm fighting for a few days now to setup the captive portal of 2 wireless access point WAP321. I was able to make it work with local user authentication but now, I want to manage my guest users on active directory. So I setup the captive portal to authentication user with NPS on Windows 2011 SBS.

The problem is that my guest SSID in not encrypted, so the NPS server do not let me login. I try to setup the NPS server like that :

Uncrypted authentification (PAP, SPAP)
Service-Type : Login

View 2 Replies View Related

Cisco Wireless :: WAP321-Captive Portal Doesn't Work?

Jan 30, 2013

I've just setup a WAP321:

- 2 vlans: 200 & 250
- ip address on vlan 200 (management)
- SSID on vlan 200
- SSID on vlan 250
The LAN port is connected to Cisco Catalyst (Trunk 200,250). In vlan 200, there is the customer lan In vlan 250, there is a box to access to internet.
SSID associated to vlan 200 works properly. But the captive portal associated to vlan 250 doens't work. When we connect to it, and the captive portal is off, we can access to internet (the box give an ip address). But when I setup the captive portal to vap2 (vlan250), we can't access to internet (but the DHCP works properly). We have access to nothing, the page in the browser is blank.
I suspect a mistake with DNS configuration. I have read that the captive portal needs to be associated to vap0, is it true?
In attached files, the wap321 config.

View 5 Replies View Related

Cisco Switching/Routing :: 6509 - Captive Portal NM-AIR-WLC6

Nov 1, 2011

We currently have a very small basic wireless network setup and we are looking to extend access to our connectivity to guests. What we would like to do is being able to configure a Guest V LAN on the wireless connection that would display a disclaimer on the terms of use prior to granting access to the network. We are currently using a pair of AP1142N access points connected back into a Cisco 6509 w/ Sup 720.  The access points are not lightweight access points as the small number of access points we are managing did not warrant the need for centralized configuration.
We happen to have an unused Cisco 2811 router lying around and found a used NM-AIR-WLC6 on E bay that appears to be the most inexpensive wireless controller that I can find.  Will this support a captive portal?
Is there a way to implement a captive portal without a wireless LAN controller?  Are there devices that can placed into our network that would provide captive portal services to both wireless and specified wired switch ports (or inline to an entire switch of wired ports)?
We do not need any type of authentication with the captive portal, just simply a disclaimer with the terms of use.  If there is a way to do it without additional devices that would require authentication, we would consider a guest/guest username/password combination to accomplish this.

View 1 Replies View Related

Cisco Wireless :: WAP321 / Dual Band Concurrent AP With Captive Portal?

Sep 6, 2012

Was looking at purchasing WAP321 however after looking at the spec's I see it has not got concurrent dual band (2.45Ghz/5Ghz) is there any simular access points with dual band and captive portal?

View 2 Replies View Related

Cisco Wireless :: Does 2500 Or 5500 Have Some Sort Of Built In Captive Portal

Jan 5, 2013

Does the Cisco 2500 or 5500 have some sort of built in captive portal.

View 5 Replies View Related

Cisco Wireless :: WAP321 - Isolate Traffic Of Guest Captive Portal From LAN?

Oct 14, 2012

I have 1 WAP321 for guest access. Now I need to isolate traffic of guest captive portal from my LAN.How can I do this?

View 1 Replies View Related

Cisco Wireless :: 5508 / ISE Captive Portal Timeouts And Radio Policy

Mar 7, 2013

I have set up a new wireless network for a customer and they want to use the guest portal for som users.The problem that I am expering is that on a particular site with many small buildings user complains that they have to reauthenticate using the webportal when moving between the buildnings. I have tired extending the idle user timeout on that particular wlan in the cisco 5508, but I still having this problem.
I would actually like if the user login via the guestportal at the beginning of the work day and after say 4-5 hours they have to reautencitcate.And if they loose network connectivity (moving between buildings, iphone/andriod shutting down wifi adapter, etc) they shuld be fine connecting again because they have aldready authecnticated once during the last 4-5 hours.
Is this possible via the ISE?My second question deals with 2.4 and 5 Ghz band.I use AP groups on each of my distribution areas. All groups have the same SSID but diffrenet egress interfaces (interfaces groups). And in some of these I want to save the 5 GHz band for voice over wlan and in others i would like to use both bands.
Do I have to create diffrent wlan profiles with diffrent radio policys and same SSID or could I do this in the AP group settings using RF-profiles?

View 2 Replies View Related

Cisco Switching/Routing :: WAP321 Wireless Router That Supports Captive Portal

Aug 12, 2012

I would like to ask for a cisco wireless router that supports captive portal.  I notice that WAP321 supports this but what other additional units should be added in order to accomplish this. Client wants the user to authenticate first and also to see who logs in.

View 0 Replies View Related

Cisco Wireless :: CT2504 / WLC Captive Portal Not Loading Images Or Via HTTP Correctly

Dec 11, 2012

I have a CT2504 at a customer site which does not load the captive portal page correctly nor will it load via HTTP as opposed to HTTPS.So for starters I did what I do with all my CT2504's (which work fine), I configured my Guest network to authenticate via the default captive portal. I then disabled HTTPS and SSH and enabled HTTP managment followed by rebooting the controller. On boot, logging into the WLC management GUI is automatically presented via HTTP as expected.However when clients access the Guest network they are redirected to the Web Authorisation via HTTPS instead of HTTP?In addtion to the above the captive portal page does not display correctly.The preview via the controller works fine, but the client is presented with a page with broken links to the images i.e. the blue strip at the top and the Cisco logo on the right.

View 3 Replies View Related

Cisco Wireless :: WAP321- Captive Portal SA520 Inter VLAN Routing

Dec 4, 2012

I have setup a WAP321 and configured it for a captive portal. It is connected to a SG300 switch and the gateway is a SA520.The SA520 is setup with two VLANs. The default of ID 1 and a guest vlan ID 2.
The SA520 is assigning the IP addresses to VLAN ID 2. That is working properly.And the captive portal works fine as long as I have Inter VLAN Routing Enabled on VLAN ID 2. But, I do not want VLAN ID 2 to access the local LAN so I Disabled the setting for VLAN ID 2. If I disable captive portal on the WAP321 with Inter VLAN Routing disabled, everything works fine. No access to VLAN ID 1 and Internet access works fine.

View 2 Replies View Related

Cisco Wireless :: WAP321 - Restrict Access To Captive Portal After Successful Authentication

Oct 1, 2012

I have setup a WAP321 with the captive portal activated.2 WLAN networks defined, one for the Normal-user and 1 Guest-user access (with captive portal).
The WAP Management is on its own vlan (vlan 1 ) , network /24
The Normal network has a different vlan (vlan 14) , network
Guest user(s) are on VLAN143 , /24
So when a guest connects to the wap, the management interface is opened (10.0.0.x), after successful authentication the user is redirected to a predefined site.What i would like to establish is to make it impossible for the Guest-user(s) to access the management portal.
Defining an acl on the management portal is not possible as i would like to use any ip adres on the Normal Network ( Unfortunately you can only define 5 Fixed ipaddresses and not a (sub)-network.

View 1 Replies View Related

Cisco Wireless :: WAP321 Captive Portal On IOS / Android - Firefox Doesn't Work

Jan 29, 2013

I successfully install 4 WAP321 in my company. Everything works... except captive portal on IOS, android and firefox. moreover, I notice that firefox (and android, not sure for IOS...) works ONLY if I copy/paste internet local address from IE to FIREFOX [URL] ...
To my mind, the problem is INSIDE WAP321 OS...
I openend a CISCO's case, and they allready know this problem. When I started to explain my issue, He said "oh yeah the pink page?".

View 11 Replies View Related

Protocols / Routing :: Can Semi Average Computer User Set Up A Captive Wifi Portal

Nov 15, 2011

Is it easy to setup a paid wifi hotspot or would I need knowledge of advanced networking? I've been searching around and I've found software that do that, I prefer doing it free.

View 1 Replies View Related

Copyrights 2005-15, All rights reserved