Re: Web Gui issues with C1121-4P router

Hiten Thakkar · ‎03-01-2023

I set up a C1121-4P router for a friend with int gig0/0/0 facing the ISP with ip address dhcp. int gig0/0/1 192.168.1.1/24. See attached sh run. Vanilla Configuration not much security or complexity. After a power reload the GUI "https://192.168.1.1/webui nor http://192.168.1.1/webui" stopped working and can't get it to run. The browser Firefox as well as Chrome reports not compatible TLS and incorrect ssl (don't remember exact message) . I believe the Cisco IOS is using TLS v1.1 and the browsers are using TLS v1.2. The friend is not CLI savvy and want to use the GUI, so he can determine the ip nat translation statistic as well as the log. I have enable ip authentication http local not in sh run. Any help is appreciated.

balaji.bandi · ‎03-01-2023

we did not find any show run attached, command try setup only TLS1.2

use the below document for reference to setup TLS 1.2 for the GUI

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/configuration/xe-16-5/https-xe-16-5-book/nm-nginx-http-web-security.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hiten Thakkar · ‎03-02-2023

Thanks for your help. Sorry for the oversight I have attached the sh run. I enabled TLSv1.2 too does it need to be power reset. set the ip authentication http local I still have issues loading the gui.

balaji.bandi · ‎03-03-2023

i do not see your config http config at all ?

config to tls 1.2 does not required router to reboot. but is your router running SSH v2 ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hiten Thakkar · ‎05-05-2023

Turns out I needed to have configured user with privilege 15 to user the WebGUI for all menu items

paul driver · ‎05-07-2023

Hello
Is http server enabled on the rtr ( it should be by default)
Define a static default route other then the received default from dhcp?

dir flash:
show http server status

conf t
ip https server
ip http authentication aaa
ip http max connections 2
ip http path flash:
ip route 0.0.0.0 0.0.0.0 gig0.0.0 dhcp

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

burtG · ‎06-21-2023

I had a problem similar to this one on a C1101-4P. The only option that worked was to change the SW baseline from 17.3.x to 17.6.x and then WebGUI would show the proper pages and allow configuration. I don't know if you are able to update your SW, but that is what worked for me.

Hiten Thakkar · ‎06-21-2023

It worked fine. I reset the router to factory default and it worked, but
thanks for the update.

mohsinsangani · ‎04-19-2024

Hey there! It sounds like you're facing a bit of a hiccup with your friend's router setup. From what you've described, it seems like there might be a compatibility issue between the router's TLS version and the browsers your friend is using.

Since your friend prefers using the GUI and isn't too familiar with the command line, we might need to explore a few options. One approach could be to see if there's a firmware update available for the router that supports a newer version of TLS. Alternatively, you could try accessing the GUI from a different browser or even a different device to see if that helps.

If those options don't work, we might need to delve into the CLI a bit to troubleshoot further. Let me know if you're up for that, and I can guide you through some steps to check the router's TLS settings and potentially adjust them if needed.

@Hiten Thakkar wrote:
I set up a C1121-4P router for a friend with int gig0/0/0 facing the ISP with ip address dhcp. int gig0/0/1 192.168.1.1/24. See attached sh run. Vanilla Configuration not much security or complexity. After a power reload the GUI "https://192.168.1.1/webui nor https://pennmedicalgroup.com/" stopped working and can't get it to run. The browser Firefox as well as Chrome reports not compatible TLS and incorrect ssl (don't remember exact message) . I believe the Cisco IOS is using TLS v1.1 and the browsers are using TLS v1.2. The friend is not CLI savvy and want to use the GUI, so he can determine the ip nat translation statistic as well as the log. I have enable ip authentication http local not in sh run. Any help is appreciated.