Monday, June 25, 2012

Configure Cisco IOS SSL VPN

Example of a simple network configuration:
one router with WAN and LAN interfaces and a loopback interface:
- FastEthernet0/0  - WAN interface
- FastEthernet0/1  - LAN interface
- Loopback0 - internal router interface
SSL VPN access to networks:
- 2.2.2.0/24
- 4.4.4.0/24

configure router
interface Loopback0
ip address 4.4.4.1 255.255.255.0
!
interface FastEthernet0/0
description WAN interface
ip address 1.1.1.100 255.255.255.0
duplex auto
speed auto
no shut
!
interface FastEthernet0/1
description LAN interface
ip address 2.2.2.1 255.255.255.0
duplex full
speed 100
no shut
!
username cisco password cisco

configure SSL VPN
ip local pool SSLVPN1_POOL 3.3.3.10 3.3.3.20
!
access-list 2 permit 2.2.2.0 0.0.0.255
access-list 2 permit 4.4.4.0 0.0.0.255
!
webvpn gateway SSLVPN
ip interface FastEthernet0/0 port 443
http-redirect port 80
ssl encryption 3des-sha1
ssl trustpoint TP-self-signed-4279256517
logging enable
inservice
!
webvpn install svc disk0:/webvpn/anyconnect-win-2.5.0217-k9.pkg sequence 1
!
webvpn context SSLVPN
!
policy group SSLVPN1
  functions svc-enabled
  svc address-pool "SSLVPN1_POOL" netmask 255.255.255.0
  svc keep-client-installed
  svc split include acl 2
  svc dns-server primary 10.10.10.1
  svc dns-server secondary 10.10.10.2
!
ssl authenticate verify all
default-group-policy SSLVPN1
gateway SSLVPN
max-users 10
logging enable
inservice

disable logging
no logging enable

access to VPN
http://1.1.1.100
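
The ACL referenced by "svc split include acl" decides which networks VPN clients reach through the tunnel, so it is worth checking against the two networks listed at the top. The Python check below is an added example, not part of the original post; the function names and the sample configuration are constructed for illustration, and it assumes a numbered standard ACL written in address/wildcard form.

```python
import ipaddress
import re

# Constructed excerpt modelled on the configuration above (not captured from a device).
SAMPLE_CONFIG = """\
access-list 2 permit 2.2.2.0 0.0.0.255
access-list 2 permit 4.4.4.0 0.0.0.255
webvpn context SSLVPN
 policy group SSLVPN1
  svc split include acl 2
"""

ACL_RE = re.compile(r"^\s*access-list\s+(\d+)\s+permit\s+(\S+)(?:\s+(\S+))?\s*$")
SPLIT_RE = re.compile(r"^\s*svc split include acl\s+(\d+)\s*$")


def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to an IPv4Network (ValueError if invalid)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 2**n - 1; anything else is not a single prefix.
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & (wc ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))


def audit_split_tunnel(config, intended):
    """Return (missing, extra, unparsed) for ACLs used by 'svc split include acl'."""
    lines = config.splitlines()
    acl_ids = {m.group(1) for l in lines if (m := SPLIT_RE.match(l))}
    allowed, unparsed = set(), []
    for line in lines:
        m = ACL_RE.match(line)
        if not m or m.group(1) not in acl_ids:
            continue
        try:
            allowed.add(wildcard_to_network(m.group(2), m.group(3) or "0.0.0.0"))
        except ValueError:  # bad address, or a form this sketch does not handle (any/host)
            unparsed.append(line.strip())
    wanted = {ipaddress.ip_network(n) for n in intended}
    missing = sorted(w for w in wanted if not any(w.subnet_of(a) for a in allowed))
    extra = sorted(a for a in allowed if not any(a.subnet_of(w) for w in wanted))
    return missing, extra, unparsed


if __name__ == "__main__":
    print(audit_split_tunnel(SAMPLE_CONFIG, ["2.2.2.0/24", "4.4.4.0/24"]))
```

"missing" lists intended networks the ACL does not cover, "extra" lists ACL entries wider than intended, and "unparsed" lists entries whose address or wildcard could not be read.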