Cisco IOS SSL VPN Configuration
policy group vpn-group-test
svc keepalive 300
svc dpd-interval client 10
svc dpd-interval gateway 30
svc dtls
Declare the Trustpoint & Create Self-Signed Certificate
Generate RSA Keys
crypto key generate rsa label my-rsa-keys modulus 1024
crypto pki trustpoint my-trustpoint
enrollment selfsigned
subject-name CN=domain.com
rsakeypair my-rsa-keys
!
crypto pki enroll my-trustpoint
% Include the router serial number in the subject name? [yes/no]: yes
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes
Router Self Signed Certificate successfully created
router(config)# crypto pki trustpoint cacert.org
router(ca-trustpoint)# enrollment terminal pem
router(ca-trustpoint)# fqdn [FQDN.MYROUTER.ME]
router(ca-trustpoint)# subject-name C=[COUNTRY], ST=[STATE], O=[DOMAIN], OU=[MY ROLE], CN=[FQDN.MYROUTER.ME]/emailAddress=[MY EMAIL ADDRESS]
router(ca-trustpoint)# revocation-check none
router(ca-trustpoint)# rsakeypair [FQDN.MYROUTER.ME] 1024
Clean old RSA keys
router(config)# crypto key zeroize rsa
Create RSA keys
router(config)# crypto key generate rsa general-keys label [FQDN.MYROUTER.ME] exportable modulus 1024
Import Root Certificate
router(config)# crypto pki authenticate cacert.org
Create CSR (certificate signing request)
router(config)# crypto pki enroll cacert.org
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Display Certificate Request to terminal? [yes/no]: yes
Import Signed Certificate
router(config)# crypto pki import cacert.org certificate
wr
Info
show crypto pki certificates
show crypto key mypubkey rsa
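A post-deployment check for the trustpoint steps above, written here as an added example (it is not part of the original notes): it parses `show crypto pki certificates` output and flags a router certificate whose subject CN does not match the configured fqdn, a router certificate that is self-signed, and any certificate close to expiry. The sample output is constructed, and the field layout is assumed to match what IOS prints.

```python
from datetime import datetime, timedelta
# Constructed sample of `show crypto pki certificates` output (not from a real router); extra fields are ignored.
SAMPLE_OUTPUT = """\
Certificate
  Issuer:
    cn=CAcert Class 3 Root
  Subject:
    cn=fqdn.myrouter.me
    end   date: 10:00:00 UTC Jan 15 2021
  Associated Trustpoints: cacert.org
Router Self-Signed Certificate
  Issuer:
    cn=domain.com
  Subject:
    cn=domain.com
    end   date: 00:00:00 UTC Jan 1 2030
  Associated Trustpoints: my-trustpoint
"""

def parse_pki_certificates(text):
    # One dict per certificate block: kind, issuer_cn, subject_cn, not_after, trustpoint.
    certs, cur, section = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if s and not line[0].isspace():            # unindented line = block header
            certs.append(cur := {"kind": s, "issuer_cn": "", "subject_cn": ""})
        elif s in ("Issuer:", "Subject:"):
            section = s[:-1].lower()
        elif s.startswith("cn=") and section:
            cur[section + "_cn"] = s[3:]
        elif s.startswith("end"):
            cur["not_after"] = datetime.strptime(s.split(":", 1)[1].strip(), "%H:%M:%S %Z %b %d %Y")
        elif s.startswith("Associated Trustpoints:"):
            cur["trustpoint"] = s.split(":", 1)[1].strip()
    return certs

def check_certificates(certs, expected_cn, now, warn_days=30):
    # Findings to act on before clients connect; an empty list means all clear.
    findings = []
    for c in certs:
        tag = f"{c['kind']} ({c.get('trustpoint', '?')})"
        if c["kind"] != "CA Certificate":          # a CA root is self-signed by design
            if c["subject_cn"] != expected_cn:
                findings.append(f"{tag}: subject cn={c['subject_cn']} != {expected_cn}")
            if c["issuer_cn"] == c["subject_cn"]:
                findings.append(f"{tag}: self-signed, clients will see a trust warning")
        left = (c["not_after"] - now).days
        if left < warn_days:
            findings.append(f"{tag}: " + ("expired" if left < 0 else f"expires in {left} days"))
    return findings
```

Paste the real command output into `parse_pki_certificates` and pass the fqdn used in the trustpoint's subject-name as `expected_cn`.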
ldap attribute-map vpn
map type memberOf=CN=PHYSTER_WORKERS,CN=Users,DC=PHYSTER,DC=COM group-lock format dn-to-string
map type physicalDeliveryOfficeName user-vpn-group
map type sAMAccountName username
Verification Command List
show webvpn gateway
show webvpn context
show webvpn install package svc
show webvpn install status svc
show webvpn policy group MYPOLICY context
show webvpn session context all
show webvpn stat detail context all
show route-map MYMAP
Troubleshooting Command List
SSL VPN Clear Commands:
clear webvpn nbns - Clears the NBNS cache on an SSL VPN gateway.
clear webvpn session - Clears SSL VPN remote user sessions.
clear webvpn stats - Clears SSL VPN application and access counters.
SSL VPN Debug Commands:
debug webvpn [verbose] [aaa | acl | cifs | citrix [verbose] | cookie [verbose] | count | csd | data | dns | emweb [state] | entry context-name [source ip [network-mask] | user username] | http [authentication | trace | verbose] | package | sdps [level number] | sock [flow] | sso | timer | trie | tunnel [traffic acl-number | verbose] | url-disp | webservice [verbose]]
Example : debug webvpn