
Implementing Cisco IOS SSL VPN

Based on Figure 18-2, the following configuration examples provide basic deployment guidelines for implementing the Cisco IOS SSL VPN solution on the Cisco Integrated Services Routers (ISR) series.

Note

The Cisco SSL VPN (WebVPN) feature was introduced in Cisco IOS Software Release 12.3(14)T supporting SSL Version 3.


Example 18-1 shows a generic SSL VPN gateway configuration that includes some of the common features available.

Caution

There is a slight variation in command syntax between Cisco IOS versions 12.3T and 12.4T when you are configuring an SSL VPN. Example 18-1 is captured from a Cisco IOS version 12.4T-based router.


Example 18-1. Configuring Cisco IOS SSL VPN

hostname SSL-Gateway
!
aaa new-model
aaa authentication login default local group radius
!
crypto pki trustpoint Gateway
 enrollment selfsigned
 ip-address 192.168.1.1
 revocation-check crl
 rsakeypair keys 1024 1024
!
crypto pki certificate chain Gateway
 certificate self-signed 02
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
!
ip local pool svc-pool 10.10.10.100 10.10.10.110
!
webvpn gateway ssl-vpn
 ip address 192.168.1.1 port 443
 ssl trustpoint Gateway
 inservice
 !
! The following line is required for SSLVPN Client.
webvpn install svc flash:/webvpn/svc.pkg
!
! The following line is required for Cisco Secure Desktop.
webvpn install csd flash:/webvpn/sdesktop.pkg
!
webvpn context ssl-vpn
 ssl authenticate verify all
!
 policy group default
! The following line enables SSLVPN Client.
   functions svc-enabled
! The following line enables clientless Citrix.
   citrix enabled
 default-group-policy default
! The following line maps this context to the virtual gateway and defines the domain to use.
 gateway ssl-vpn domain sslvpn
! The following line enables Cisco Secure Desktop.
 csd enable
 inservice
!
<..>
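
Example 18-1 depends on several names matching: the gateway's trustpoint, the context's gateway mapping, the default group policy, and the svc/csd packages that the comments mark as required. The following Python script is an added example, not part of the original text or any Cisco tooling; the `audit` function is hypothetical and the sample is a constructed, trimmed copy of Example 18-1 with the CSD install line deliberately removed.

```python
import re

# Constructed sample: a trimmed copy of Example 18-1 with one deliberate error
# (the context enables CSD but the "webvpn install csd" line is missing).
SAMPLE = """\
crypto pki trustpoint Gateway
 enrollment selfsigned
!
webvpn gateway ssl-vpn
 ip address 192.168.1.1 port 443
 ssl trustpoint Gateway
 inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn context ssl-vpn
 policy group default
   functions svc-enabled
 default-group-policy default
 gateway ssl-vpn domain sslvpn
 csd enable
 inservice
"""

def audit(config):
    """Return a list of cross-reference problems in an IOS SSL VPN config."""
    # Assumption: names are checked across the whole file, not per context.
    lines = [l.strip() for l in config.splitlines() if l.strip() and not l.strip().startswith("!")]
    def names(pattern):
        return {m.group(1) for l in lines if (m := re.fullmatch(pattern, l))}
    trustpoints = names(r"crypto pki trustpoint (\S+)")
    gateways = names(r"webvpn gateway (\S+)")
    groups = names(r"policy group (\S+)")
    installed = names(r"webvpn install (\S+) \S+")
    problems = []
    for tp in names(r"ssl trustpoint (\S+)") - trustpoints:
        problems.append(f"gateway uses undefined trustpoint {tp}")
    for gw in names(r"gateway (\S+)(?: domain \S+)?") - gateways:
        problems.append(f"context maps to undefined gateway {gw}")
    for g in names(r"default-group-policy (\S+)") - groups:
        problems.append(f"default-group-policy names undefined group {g}")
    if "functions svc-enabled" in lines and "svc" not in installed:
        problems.append("svc-enabled without 'webvpn install svc'")
    if "csd enable" in lines and "csd" not in installed:
        problems.append("csd enable without 'webvpn install csd'")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```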

					  

Tip

Refer to the following Cisco technical documentation for further details on configuring Cisco IOS SSL VPN and various other parameters:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_14/g_sslvpn.htm

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a00805eeaea.html#wp1356909


The following show and debug commands can be used to verify functionality on a Cisco router (SSL VPN gateway).
