SSL VPN

HTTP_SERVER:

int f 0/0

ip add 10.1.1.2 255.255.255.0

no sh

!

ip route 0.0.0.0 0.0.0.0 f0/0

ip http server


TELNET_SERVER:

int f 0/0

ip add 10.1.1.1 255.255.255.0

no sh

!

ip route 0.0.0.0 0.0.0.0 f0/0

line vty 0 4

password cisco
enable pass cisco


ssl_gateway (r3):

int f 0/0

ip add 10.1.1.10 255.255.255.0

no sh

int f 0/1

ip add 1.1.1.10 255.255.255.0

no sh

CLIENTLESS MODE:

aaa new-model <-- enable AAA services

aaa authentication login SSL local <-- method list that refers to the local database

username cisco@HR password cisco <-- creating username and password

username ccie@admin password ccie <-- creating username and password

webvpn gateway SSLGW <-- entering gateway config mode

ip add 1.1.1.10 port 8080 <-- user-defined port number

ssl encryption 3des-sha1 <-- default

inservice <-- activates the SSL gateway

webvpn context SECURITY <-- entering context config mode

url-list "ALLOWED URL" <-- a name containing a space is not accepted unless it is quoted

nbns-list NBNS <-- optional

nbns-server 11.1.1.1 <-- optional

aaa authentication list SSL

aaa authentication domain @HR <-- only members belonging to HR can access

gateway SSLGW domain HR <-- assigning the gateway to the context

policy group HR

   functions file-access

   functions file-entry

   functions file-browse

   url-list "ALLOWED URL"

   nbns-list NBNS

   banner WELCOME

   exit

default-group-policy HR

inservice <-- activates the SSL context

TO CHANGE COLOR:

webvpn context SECURITY

     color PINK

     secondary-color BLUE

     text-color RED

     secondary-text-color RED

TO HIDE URL BAR:

webvpn context SECURITY

   policy group HR

       hide-url-bar

THIN CLIENT MODE:

webvpn context SECURITY

     port-forward PORT <-- name

       local-port 2323 remote-server 10.1.1.1 remote-port 23 description TELNET

policy group HR

       port-forward PORT


THICK CLIENT MODE:

Using SVC

Sh flash:

webvpn install svc flash:filename

webvpn context SECURITY

policy group HR

   functions svc-enabled

Using CSD (Cisco Secure Desktop)


Sh flash:

webvpn install csd flash:filename

webvpn context SECURITY

   csd enable


VERIFICATION COMMANDS:

sh webvpn gateway

sh run | sec web

sh webvpn context

sh webvpn session context all