SSL certificate conflict on Cisco RV082 for ActiveSync

I have a Cisco RV082 sitting in front of my Exchange server. I have port forwarding for 443 to my Exchange server.

My ActiveSync (iPhone, Droid) users get a connection error when HTTPS is enabled on the Firewall tab. Using the MS Connection Tester, it appears that the ActiveSync connection picks up the Cisco cert installed on the RV082 and not the cert on the Exchange server.

If I turn off HTTPS then it all works.

That would be fine, except that I seem to need HTTPS enabled for my VPN connection to work.

Help!

I have seen this issue on RV0xx V3 devices. The devices are built with more security, but the device will always answer SSL certificate requests and not forward the request, even if the port forward is enabled. Even when the port which is forwarded is not 443, the router will always respond with its own SSL certificate. If you experience this kind of configuration problem and you do not need remote management, SSL VPN, or secure LAN management, please disable HTTPS under the firewall settings. If you need these features, please call in and create a case. The more cases we create for this issue, the sooner the problem gets noticed and solved. There is no bug filed at this time for this problem, as far as I know. Please call the Small Business Support Center at 1-866-606-1866. If the technician you speak with is not aware of the problem, please have them talk with me.

Thank you

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - security
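
A way to confirm which device is answering on the forwarded port, as an added example that is not part of the original thread or any Cisco tooling: it compares the certificate presented on an endpoint with certificates exported from the Exchange server and the router. The endpoint labels, the host name in the comment and the stand-in certificate bytes are constructed assumptions.

```python
import hashlib
import socket
import ssl
from typing import Dict, Optional


def fetch_presented_cert(host: str, port: int = 443,
                         sni: Optional[str] = None, timeout: float = 5.0) -> bytes:
    """Return the DER leaf certificate that whatever answers host:port presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation is off on purpose: the router's certificate may be
    # self-signed, and identity is decided by fingerprint comparison below.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def identify(presented_der: bytes, known_pems: Dict[str, str]) -> str:
    """Name the device whose exported certificate matches, else 'unknown'."""
    seen = fingerprint(presented_der)
    for label, pem in known_pems.items():
        if fingerprint(ssl.PEM_cert_to_DER_cert(pem)) == seen:
            return label
    return "unknown"


def audit(observed: Dict[str, bytes], known_pems: Dict[str, str],
          expected: str = "exchange") -> Dict[str, str]:
    """Return the probed endpoints that were NOT answered by `expected`."""
    results = {ep: identify(der, known_pems) for ep, der in observed.items()}
    return {ep: who for ep, who in results.items() if who != expected}


# Constructed stand-ins for the two exported certificates (not real X.509);
# in practice these are the PEM files exported from each device.
EXCHANGE_DER = b"constructed-exchange-leaf-certificate"
ROUTER_DER = b"constructed-rv082-self-signed-certificate"
KNOWN = {
    "exchange": ssl.DER_cert_to_PEM_cert(EXCHANGE_DER),
    "router": ssl.DER_cert_to_PEM_cert(ROUTER_DER),
}

if __name__ == "__main__":
    # Live use (assumed host name):
    #   observed = {"wan:443": fetch_presented_cert("mail.example.com")}
    observed = {"wan:443": ROUTER_DER, "lan-direct:443": EXCHANGE_DER}
    for endpoint, who in audit(observed, KNOWN).items():
        print(f"{endpoint}: answered by {who}, not the Exchange server")
```

Run the probe once from outside the WAN interface and once directly against the Exchange server on the LAN; a "router" result on the WAN side with HTTPS enabled matches the behaviour described in the reply above.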

Tags: Cisco Support

Similar Questions

  • Requirement of certificate KeyUsage for ActiveSync

    I have a Surface RT and a Nokia Lumia 920 (Windows Phone 8).

    The Mail app works fine on my Nokia Lumia 920. I installed the enterprise root cert and also my personal PKCS #12 (P12) file, and the phone now syncs with our company Exchange Server very well.

    I installed the same root certificate and also the same PKCS #12 file on my Surface RT; however, the Mail app refused to work on the Surface RT.  I also tried TouchDown (3rd party ActiveSync email app) and it didn't work either.  The built-in Mail app allows me to configure settings (email address, password, domain, user name, server) and the enterprise messaging configuration appears in the Mail app.  But it gives me an error message "unable to synchronize".

    With TouchDown, after setting up my user information, I see a "Forbidden" error code in the log.

    I'm troubleshooting this problem with my IT admins, and one thing that comes to mind is the X.509v3 KeyUsage extension of the certificate in my PKCS #12 file.  I want to check which keyUsage flags I need to enable so that it can be used to authenticate to the Exchange server for ActiveSync.

    Thank you.

    Hello

     
    The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the TechNet Forums.
     
    Hope this information helps.
  • Certificate SSL VPN

    Hi all

    I have configured the SSL VPN client and the clientless SSL VPN, but I am not able to connect with the Cisco VPN client software or with a browser because of a certificate problem. Can you please tell me how to create the certificate for SSL VPN?

    Thanks and greetings

    Rajesh Gowda

    Sign up for a certificate from a public certification authority and use the FQDN to connect to the VPN. Then these warnings should not appear.

  • How do I configure the iPad2 to synchronize the iPad-Mailclient with Exchange 2010 via Active Sync using the certificate SSL client and name of user and password?

    Active Sync iPad ssl Client certificate

    How do I configure the iPad2 to synchronize the iPad-Mailclient with Exchange 2010 via Active Sync using the certificate SSL client and name of user and password?

    Hi Ewoki,

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the TechNet Exchange forum. Please post your question in the Forums TechNet in Exchange Server.

  • Configuration of Cisco for Cisco VPN Client ASA 5505

    Our firm has finally made the move from SonicWall to Cisco for our SMB customers. Got our first customer up with a solid site-to-site VPN and have configured the main router for Cisco VPN Client connections via the VPN Wizard.

    When I install the VPN Client on desktop computers, it does not pick up all the necessary options (unless you have an SSL VPN). I guess that there is a process that I am missing to export a connection profile that Cisco VPN Client users can import for their connection.

    Are there step-by-step guides to create the connection profile file to distribute to customers?

    Hello

    The ASDM wizard is for the configuration on the ASA. This wizard will help you complete the VPN configuration on the ASA end.

    You will need to set the same in the client, so that they can negotiate and connect.

    Connection Entry field in the client: that's the name you want to be seen in the VPN client - it can be any name

    Host will be the external IP address of the ASA.

    Group options:

    Name - same as the tunnel group defined on the ASA
    Password - pre-shared key as on the ASA.

    Confirm password - same pre-shared key.

    Once this is done, you will see the client showing an entry with the same name as the connection entry. You must click on Connect there. It will prompt for a user name and password. Please enter the login credentials. The VPN connects.

    You can distribute the .pcf file that is created at the location mentioned in the post above. Once the other clients receive the .pcf, they need to import it by clicking this tab on the VPN client.

    Kind regards

    Anisha

  • Client certificate SSL V3.0

    How can I connect to a web service that requires client certificates SSL V3.0 using CFMX?

    I am trying to use a client certificate to connect via CFHTTP to a secure Web site and I'm getting a "403.7 - Forbidden: certificate customer required" error. I have correctly installed the Web site cert by following the instructions here:
    http://www.talkingtree.com/blog/index.cfm?mode=entry&entry=25AA75A4-45A6-2844-7CA3EECD842DB576

    When I access the secure site using IE, I am asked to use the installed client certificate, and then I'm able to view the secure content without any 403 errors.

    After researching the question, I read in this post that CFMX7.01 does not support the SSL V3.0 protocol:
    http://www.houseoffusion.com/cf_lists/message.cfm/forumid:4 / messageid:229870 / step: 0

    Has anyone used SSL V3.0 client certificates with CFMX7.01? Is it an Adobe issue or a Java problem? Are there alternatives?

    CFX_HTTP5 worked great!

    I wish just called him 'good '. I asked the question on a popular mailing list and got absolutely no response. I also searched Google for a few hours and did not find anything. CFX_HTTP5 did the job and now I can finish what I started instead of telling my client I found a mission-critical issue that ColdFusion MX couldn't handle.

    Thanks again!

  • How can we regenerate the Mac development certificate for future use?

    How can we regenerate the Mac development certificate for future use?

    Probably better off posting it here:

    Developer forums

  • Certificate chain not found for: RDK. RDK must reference a valid KeyStore key...

    Hello devs

    I built a Cordova app for BlackBerry 10 for a client and I wanted to sign the BAR file. So in Momentics I opened the wizard and logged in to the customer's account to retrieve the bbidtoken.csk, author.p12 and barsigner.db files. They are automatically placed in ~/Library/Research In Motion, so I guess that's okay.

    Now when I try to compile a release it gives me the error:

    Error: Certificate chain not found for: RDK.  RDK must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
    

    The strange thing is that if I create a new empty project in Momentics and export it as a release, I have no problem signing the BAR file. This error only occurs when I try to sign via the command line with "cordova build blackberry10 --release" or with the "blackberry-signer" command.

    Any ideas on this issue?

    Thanks in advance!

    Run blackberry-signer on the command line and look for the version number at the top of the output.  To use a BlackBerry ID token to sign you need version 3.0.9 or higher.  You have an older version in your path, which is looking for the files needed for the previous signing mode (installation of files of the LSB).

  • Replacement for activesync on Windows 7 64 bit

    Remember - this is a public forum so never post private information such as email or phone numbers!

    Ideas: replacement for ActiveSync on Win7 64-bit

    • You have problems with programs
    • Error messages
    • Recent changes to your computer
    • What you have already tried to solve the problem

    See http://www.microsoft.com/windowsmobile/en-us/downloads/microsoft/device-center-download.mspx

    ActiveSync is not compatible with Windows 7.

  • HTTPS certificate renewal in Cisco ISE

    Hello

    A few months ago I renewed our certificate for EAP. Now I must renew the HTTPS certificate. ISE says that there will be 'significant' downtime when renewing the certificate.

    What exactly is this downtime? Can users not authenticate through EAP/RADIUS?  Or is it just the web interface? I can't find any documentation on this topic.

    Kind regards

    Michael Trip

    The only downtime you can expect from the renewal of the HTTPS certificate is:

    1. For changes to HTTPS protocols, a restart of the ISE services is required, which creates a few minutes of downtime. You will not be able to access the GUI for around 10-15 minutes.

    2. If you are using self-signed certificates in a distributed deployment, the primary self-signed certificate must be installed in the trusted certificate store of the secondary ISE server.  Similarly, the secondary self-signed certificate must be installed in the trusted certificate store of the primary ISE server. This allows the ISE servers to mutually authenticate each other.  The deployment might break. If you renew certificates from a third-party certification authority, check whether the root certificate chain has changed and update the trusted certificate store in ISE accordingly.

    Here is the document containing the same steps. I have highlighted for your convenience.

    Rgds,

    Jousset

    ~ Please rate useful posts.

  • What type of certificates are not suitable for the signature of the extensions to HTML5?

    It is not clear to me, of the literature exactly what types of certificate are not suitable for the signature of the CC2014 HTML5 extensions.

    I used a Thawte 'Adobe Air' certificate for signing extensions based on Flash. It is now expired. Can I buy the same type and that will work cross-platform for the signature of the extensions to HTML5?

    See http://www.thawte.com/code-signing/content-signing-certificates/adobe-air/index.html

    Thank you

    Hi meeky2,

    Required certificates have not changed for HTML5 extensions, so the same type of certificate that you had before will work ('Adobe Air' certificates are very good).

    Note that if you only distribute your HTML5 extension through modules Adobe / Adobe Exchange, then there is no need to use a paid certificate. If you distribute your extension elsewhere, then you should do the same thing as you did with the extensions of the AIR.

    Best regards

    Fraser

  • Certificate needed on ASA 5510 for Cisco Secure Desktop?

    I use Cisco AnyConnect "anyconnect-win-2.3.0185-k9" and ASA 8.0.4. I just want to use CSD prelogin to check a registry key on desktop PCs.

    It works fine but I still get this message in the ASA log:

    "Certificate validation failed. No suitable trustpoints found to validate certificate serial number: xxxxxxxxxxxxx, subject name: cn=CiscoSecureDesktop.

    January 5, 2009 15:00:50: %ASA-3-717027: Certificate chain failed validation. No suitable trustpoint was found to validate chain."

    Do I need to install a certificate on the ASA just to use the CSD module? Or, what is the way to avoid this log message and use a CSD certificate?

    Thanks for your help.

    David.

    Hi David,

    The issue is cosmetic and does not affect any functionality.

    You can view the bug "CSCsr07594", which describes the problem and the workaround in detail.

    Thank you

    Naman

  • certificate as a setting for SSL without using keystore mechanism

    Hello

    I have a standalone Java client based on vSphere SDK Web Service v4.

    The client is based on the vSphere v4 Web Service SDK sample code, with JDK 1.6 and Axis 1.4.

    For various reasons, I can't use the Java keystore mechanism for HTTPS communication. I was wondering if it is possible to provide the necessary certificate as a parameter to Axis (i.e., bypass the "reading the keystore file and looking for the right certificate" part and feed the right certificate directly to the appropriate places)?

    If not, is it possible to have javax.net.ssl.trustStore point to a data structure in memory (instead of a physical file)?

    A code example would be nice.

    Any pointers or suggestions are appreciated. Thank you.

    Kong

    Hello

    Try if it works.

    Rajesh

  • Import an SSL certificate on SG500X

    I am trying to use SSL certificates signed by our internal CA on all our SG500X and SG500 switches. The manual is a little vague on the actual import process. I generated the request on the switch without specifying a new key (so I guess it used the default), submitted the request to my CA and downloaded the cert. Because the import option does not allow importing the .cer file, I opened it with a text editor and copied the cert, including the begin and end markers. When I submit it, I get the error: SSL could not import the certificate - conversion of entry to the certificate failed.

    Hello Steve,

    Here is a step by step guide to import the SSL certificate. I hope this helps.

    http://sbkb.Cisco.com/CiscoSB/UKP.aspx?VW=1&docid=49843175a37149768dc4c331a05dce92_Edit_SSL_Server_Authentication_Settings_on_SG500x_Series_Sta.XML&PID=2&respid=0&SNID=3&DISPID=0&cpage=search

    Nana

  • Dual WAN router with SSL VPN inaccessible for clients

    I have a Cisco 888 configured in a dual WAN setup. There is an ADSL link connected to VLAN 100 and an SDSL link associated with Dialer0. The customer wishes to use the ADSL link for normal browsing and have external SSL VPN users terminate on the SDSL connection. I tried to configure failover from the ADSL link to the SDSL link.

    What works:

    - Internet access for the clients

    What does not work:

    - Failover from the ADSL to the SDSL connection.

    - SSL VPN access for clients. Browsing to the external IP address only brings up a default HTTP page. Specifying webvpn.html results in a 404 Not Found error.

    Here is my configuration:

    version 15.0
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname x
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret 5 x
    !
    aaa new-model
    !
    !
    aaa authentication login sslvpn local
    !
    !
    !
    !
    !
    aaa session-id common
    memory-size iomem 10
    !
    crypto pki trustpoint TP-self-signed-3964912732
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-3964912732
     revocation-check none
     rsakeypair TP-self-signed-3964912732
    !
    !
    crypto pki certificate chain TP-self-signed-3964912732
     certificate self-signed 03
      x
      quit
    ip source-route
    !
    !
    ip dhcp excluded-address 192.168.10.254
    ip dhcp excluded-address 192.168.10.10 192.168.10.20
    !
    ip dhcp pool CCP-pool
     import all
     network 192.168.10.0 255.255.255.0
     default-router 192.168.10.254
     dns-server 213.75.63.36 213.75.63.70
     lease 2 0
    !
    !
    ip cef
    no ip domain lookup
    ip domain name x
    no ipv6 cef
    !
    !
    license udi pid CISCO888-K9 sn x
    !
    !
    username ciscoadmin privilege 15 secret 5 x
    username vpnuser password 0 x
    !
    !
    controller DSL 0
     mode atm
     dsl-mode shdsl symmetric annex B
    !
    interface Loopback1
     description Gateway SSL dhcp pool address
     ip address 192.168.250.1 255.255.255.0
    !
    interface Loopback2
     description address IP VPN SSL
     ip address 10.10.10.1 255.255.255.0
     ip policy route-map PBR_SSL
    !
    interface BRI0
     no ip address
     encapsulation hdlc
     shutdown
     isdn termination multidrop
    !
    interface ATM0
     no ip address
     load-interval 30
     no atm ilmi-keepalive
     pvc KPN 2/32
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
    !
    interface FastEthernet0
     switchport access vlan 100
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
     description LAN
     ip address 192.168.10.254 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ip tcp adjust-mss 1300
    !
    interface Vlan100
     description KPN ADSL 20/1
     ip address dhcp
     ip nat outside
     ip virtual-reassembly
    !
    interface Dialer0
     description KPN SDSL 2/2
     ip address negotiated
     ip access-group INTERNET_ACL in
     ip nat outside
     ip virtual-reassembly
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     ppp pap sent-username x password 0 x
     no cdp enable
    !
    ip local pool sslvpnpool 192.168.250.2 192.168.250.100
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    ip nat pool SSLVPN-SDSL 10.10.10.1 10.10.10.1 netmask 255.255.255.0
    ip nat inside source static tcp 10.10.10.1 443 interface Dialer0 443
    ip nat inside source static tcp 10.10.10.1 80 interface Dialer0 80
    ip nat inside source route-map NAT_ADSL interface Vlan100 overload
    ip nat inside source route-map NAT_SDSL pool SSLVPN-SDSL overload
    ip route 0.0.0.0 0.0.0.0 x.x.x.x
    ip route 0.0.0.0 0.0.0.0 Dialer0 10
    !
    ip access-list extended INTERNET_ACL
     remark used with CBAC
     permit icmp any any unreachable
     permit icmp any any packet-too-big
     permit icmp any any time-exceeded
     permit tcp any host 92.64.32.169 eq 443 www
     deny   ip any any log
    ip access-list extended LAN
     permit ip 192.168.10.0 0.0.0.255 any
     deny   ip any any
    !
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    !
    route-map NAT_SDSL permit 10
     match ip address LAN
     match interface Dialer0
    !
    route-map NAT_ADSL permit 10
     match ip address LAN
     match interface Vlan100
    !
    route-map PBR_SSL permit 10
     set interface Dialer0
    !
    !
    control-plane
    !
    !
    line con 0
     no modem enable
    line aux 0
    line vty 0 4
     privilege level 15
     transport input telnet ssh
    !
    scheduler max-task-time 5000
    !
    webvpn gateway MyGateway
     hostname d0c
     ip address 10.10.10.1 port 443
     http-redirect port 80
     ssl trustpoint TP-self-signed-3964912732
     inservice
     !
    webvpn install svc flash:/webvpn/anyconnect-dart-win-2.5.0217-k9.pkg sequence 1
     !
    webvpn install svc flash:/webvpn/anyconnect-macosx-i386-2.5.0217-k9.pkg sequence 2
     !
    webvpn install svc flash:/webvpn/anyconnect-macosx-powerpc-2.5.0217-k9.pkg sequence 3
     !
    webvpn context SecureMeContext
     title "SSL VPN Service"
     secondary-color #C0C0C0
     title-color #808080
     ssl authenticate verify all
     !
     login-message "VPN"
     !
     policy group MyDefaultPolicy
      functions svc-enabled
      svc address-pool "sslvpnpool"
      svc keep-client-installed
     default-group-policy MyDefaultPolicy
     aaa authentication list sslvpn
     gateway MyGateway
     inservice
    !
    end

    Any suggestions on where to look?

    Hello

    It works for me. When the client tries to resolve the FQDN for the domain specified in "svc split dns..", it will contact the DNS server assigned through the tunnel. For all other queries, it contacts the DNS outside the tunnel.

    Can you run a packet capture on the physical interface on the client to see the DNS query leaving?

    Also, on some routers the DNS is set to the router itself (which usually has a 192.168.X.X address), so you want to make sure that the assigned DNS server is not part of the split tunnel.

    Naman
