Cisco IOS SSL VPN Configuration · GitHub

Cisco IOS SSL VPN Configuration

policy group vpn-group-test
  svc keepalive 300
  svc dpd-interval client 10
  svc dpd-interval gateway 30
  svc dtls

Declare the Trustpoint & Create Self-Signed Certificate

Generate RSA Keys

crypto key generate rsa label my-rsa-keys modulus 1024
crypto pki trustpoint my-trustpoint
  enrollment selfsigned
  subject-name CN=domain.com
  rsakeypair my-rsa-keys
!
crypto pki enroll my-trustpoint
  % Include the router serial number in the subject name? [yes/no]: yes
  % Include an IP address in the subject name? [no]: no
  Generate Self Signed Router Certificate? [yes/no]: yes

  Router Self Signed Certificate successfully created

Declare the Trustpoint for a CA-Signed Certificate

router(config)# crypto pki trustpoint cacert.org
router(ca-trustpoint)# enrollment terminal pem
router(ca-trustpoint)# fqdn [FQDN.MYROUTER.ME]
router(ca-trustpoint)# subject-name C=[COUNTRY], ST=[STATE], O=[DOMAIN], OU=[MY ROLE], CN=[FQDN.MYROUTER.ME]/emailAddress=[MY EMAIL ADDRESS]
router(ca-trustpoint)# revocation-check none
router(ca-trustpoint)# rsakeypair [FQDN.MYROUTER.ME] 1024

Clean Old RSA Key

router(config)# crypto key zeroize rsa

Create RSA Keys

router(config)# crypto key generate rsa general-keys label [FQDN.MYROUTER.ME] exportable modulus 1024

Import Root Certificate

router(config)# crypto pki authenticate cacert.org

Create CSR (certificate signing request)

router(config)# crypto pki enroll cacert.org

  % Include the router serial number in the subject name? [yes/no]: no
  % Include an IP address in the subject name? [no]: no
  Display Certificate Request to terminal? [yes/no]: yes

Import Signed Certificate

router(config)# crypto pki import cacert.org certificate
wr
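As an added check (example code written for this page, not part of the gist): a small Python linter that reads the commands from the procedure above and the policy group at the top, and flags the settings a reviewer would question: a 1024-bit RSA modulus, a key pair generated exportable, `revocation-check none` on a trustpoint, and a policy group missing either DPD direction. The sample config text and the 2048-bit floor are assumptions, not values from the page.

```python
import re

# Constructed sample, not a real router config: this page's RSA key, trustpoint
# and policy-group commands with the placeholders filled in.
SAMPLE_CONFIG = """\
crypto key generate rsa general-keys label vpn-keys exportable modulus 1024
crypto pki trustpoint cacert.org
  enrollment terminal pem
  fqdn vpn.example.test
  revocation-check none
  rsakeypair vpn-keys 1024
!
webvpn context ssl-vpn
  policy group vpn-group-test
    svc keepalive 300
    svc dpd-interval client 10
    svc dtls
"""

MIN_MODULUS = 2048  # assumed floor for this check, not a value from the page


def lint_ssl_vpn_config(text):
    """Return a list of (severity, message) findings for the command text."""
    findings = []
    trustpoint = None   # trustpoint whose sub-commands we are currently inside
    group = None        # policy group we are currently inside
    dpd_seen = set()    # DPD directions declared in that policy group

    def close_group():
        # A policy group should declare both svc dpd-interval directions.
        if group is not None:
            for side in ("client", "gateway"):
                if side not in dpd_seen:
                    findings.append(("low", f"policy group {group}: no svc dpd-interval {side}"))

    for raw in text.splitlines():
        line = raw.strip()
        if line == "!" or line.startswith(("crypto ", "webvpn ")):
            close_group()
            group, dpd_seen, trustpoint = None, set(), None
        m = re.match(r"crypto key generate rsa .*modulus (\d+)", line)
        if m and int(m.group(1)) < MIN_MODULUS:
            findings.append(("high", f"RSA key modulus {m.group(1)} < {MIN_MODULUS}"))
        if line.startswith("crypto key generate rsa") and " exportable" in line:
            findings.append(("medium", "RSA key marked exportable"))
        if m := re.match(r"crypto pki trustpoint (\S+)", line):
            trustpoint = m.group(1)
        if trustpoint and line == "revocation-check none":
            findings.append(("medium", f"trustpoint {trustpoint}: revocation checking disabled"))
        m = re.match(r"rsakeypair \S+ (\d+)", line)
        if trustpoint and m and int(m.group(1)) < MIN_MODULUS:
            findings.append(("high", f"trustpoint {trustpoint}: rsakeypair size {m.group(1)} < {MIN_MODULUS}"))
        if m := re.match(r"policy group (\S+)", line):
            group = m.group(1)
        if m := re.match(r"svc dpd-interval (client|gateway) \d+", line):
            dpd_seen.add(m.group(1))
    close_group()
    return findings
```

Run `lint_ssl_vpn_config(SAMPLE_CONFIG)` to see the five findings for the sample; a config with a 2048-bit key, CRL checking and both DPD directions returns an empty list.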

Info

show crypto pki certificates
show crypto key mypubkey rsa

ldap attribute-map vpn
  map type memberOf=CN=PHYSTER_WORKERS,CN=Users,DC=PHYSTER,DC=COM group-lock format dn-to-string
  map type physicalDeliveryOfficeName user-vpn-group
  map type sAMAccountName username

Verification Command List

show webvpn gateway
show webvpn context
show webvpn install package svc
show webvpn install status svc
show webvpn policy group MYPOLICY context
show webvpn session context all
show webvpn stat detail context all
show route-map MYMAP

Troubleshooting Command List

SSL VPN Clear Commands:

clear webvpn nbns - Clears the NBNS cache on an SSL VPN gateway.
clear webvpn session - Clears SSL VPN remote user sessions.
clear webvpn stats - Clears SSL VPN application and access counters.

SSL VPN Debug Commands:

debug webvpn [verbose] [aaa | acl | cifs | citrix [verbose] | cookie [verbose] | count | csd | data | dns | emweb [state] | entry context-name [source ip [network-mask] | user username] | http [authentication | trace | verbose] | package | sdps [level number] | sock [flow] | sso | timer | trie | tunnel [traffic acl-number | verbose] | url-disp | webservice [verbose]]

Example: debug webvpn