
Welcome to shaying110's blog

RSed-ISPing

 
 
 


 
 

Configuring SSL-VPN (WEB-VPN) on a CISCO C2921/k9

2012-02-09 16:46:05 | Category: CISCO Networking


Router#dir
Directory of flash0:/

    1  -rw-    62682268  Mar 23 2011 21:42:48 +00:00  c2900-universalk9-mz.SPA.150-1.M4.bin
    2  -rw-        2903  Mar 23 2011 21:52:20 +00:00  cpconfig-29xx.cfg
    3  -rw-     2941440  Mar 23 2011 21:52:32 +00:00  cpexpress.tar
    4  -rw-        1038  Mar 23 2011 21:52:40 +00:00  home.shtml
    5  -rw-      115712  Mar 23 2011 21:52:48 +00:00  home.tar
    6  -rw-     1697952  Mar 23 2011 21:53:02 +00:00  securedesktop-ios-3.1.1.45-k9.pkg
    7  -rw-      415956  Mar 23 2011 21:53:16 +00:00  sslclient-win-1.1.4.176.pkg
1. Install the SSL client
Router(config)#webvpn install svc  flash0:/sslclient-win-1.1.4.176.pkg
2. Enable AAA
Router(config)#aaa new-model
3. Prevent being locked out of the console after a timeout
Router(config)#aaa authentication login default local
4. Configure WebVPN authentication
Router(config)#aaa authentication login webvpn local
5. Define the local WebVPN authentication user, its password, and the IP address pool
Router(config)#ip local pool ssl-add 172.16.25.33 172.16.25.62
Router(config)#user test pass test
6. Define the WebVPN listening interface; a self-signed certificate is generated automatically
Router(config)#webvpn gateway vpngateway
At the following prompt, enter yes:
PLEASE  READ THE  FOLLOWING TERMS  CAREFULLY. INSTALLING THE LICENSE OR
LICENSE  KEY  PROVIDED FOR  ANY CISCO  PRODUCT  FEATURE  OR  USING SUCH
PRODUCT  FEATURE  CONSTITUTES  YOUR  FULL ACCEPTANCE  OF  THE FOLLOWING
TERMS. YOU MUST NOT PROCEED FURTHER IF YOU ARE NOT WILLING TO  BE BOUND
BY ALL THE TERMS SET FORTH HEREIN.

Use of this product feature requires  an additional license from Cisco,
together with an additional  payment.  You may use this product feature
on an evaluation basis, without payment to Cisco, for 60 days. Your use
of the  product,  including  during the 60 day  evaluation  period,  is
subject to the Cisco end user license agreement
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
If you use the product feature beyond the 60 day evaluation period, you
must submit the appropriate payment to Cisco for the license. After the
60 day  evaluation  period,  your  use of the  product  feature will be
governed  solely by the Cisco  end user license agreement (link above),
together  with any supplements  relating to such product  feature.  The
above  applies  even if the evaluation  license  is  not  automatically
terminated  and you do  not receive any notice of the expiration of the
evaluation  period.  It is your  responsibility  to  determine when the
evaluation  period is complete and you are required to make  payment to
Cisco for your use of the product feature beyond the evaluation period.

Your  acceptance  of  this agreement  for the software  features on one
product  shall be deemed  your  acceptance  with  respect  to all  such
software  on all Cisco  products  you purchase  which includes the same
software.  (The foregoing  notwithstanding, you must purchase a license
for each software  feature you use past the 60 days evaluation  period,
so  that  if you enable a software  feature on  1000  devices, you must
purchase 1000 licenses for use past  the 60 day evaluation period.)   

Activation  of the  software command line interface will be evidence of
your acceptance of this agreement.


ACCEPT? [yes/no]: yes
Router(config-webvpn-gateway)#ip address 124.207.200.122 port 443
Router(config-webvpn-gateway)#inservice   //enable the webvpn gateway
7. Define the WebVPN context settings, which are similar to a tunnel-group
Router(config)#webvpn context webcontext
Router(config-webvpn-context)#gateway vpngateway //associate the context with the gateway
Router(config-webvpn-context)#aaa authentication list webvpn 
Router(config-webvpn-context)#inservice
Router(config-webvpn-context)# policy group sslvpn-policy   //enter the sslvpn policy group
Router(config-webvpn-group)#functions svc-enabled
Router(config-webvpn-group)#svc address-pool ssl-add  //assign the address pool used by SVC
Router(config-webvpn-group)#exit
Router(config-webvpn-context)#default-group-policy sslvpn-policy 
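
A small Python check, added here as an example and not part of the original post, that reads the commands from steps 2 to 7 and reports names the WebVPN context references but nothing defines (AAA list, gateway, address pool, policy group), plus local users created with the password keyword instead of secret. The function name audit, the message wording and the regular expressions are assumptions of this example.

```python
import re

# Commands from steps 2-7 of this post, prompts stripped, abbreviations kept as typed.
PAGE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authentication login webvpn local
ip local pool ssl-add 172.16.25.33 172.16.25.62
user test pass test
webvpn gateway vpngateway
 ip address 124.207.200.122 port 443
 inservice
webvpn context webcontext
 gateway vpngateway
 aaa authentication list webvpn
 inservice
 policy group sslvpn-policy
  functions svc-enabled
  svc address-pool ssl-add
 default-group-policy sslvpn-policy
"""

# (reference pattern, definition pattern, label) for each name the context depends on.
REFS = [
    (r"^aaa authentication list (\S+)", r"^aaa authentication login (\S+)", "AAA list"),
    (r"^gateway (\S+)", r"^webvpn gateway (\S+)", "gateway"),
    (r'^svc address-pool "?([^"\s]+)', r"^ip local pool (\S+)", "address pool"),
    (r"^default-group-policy (\S+)", r"^policy group (\S+)", "policy group"),
]

def audit(config):
    """Return a list of findings for a WebVPN config written the way this post writes it."""
    lines = [re.sub(r"^\S*\(config[^)]*\)#", "", ln).split("//")[0].strip()
             for ln in config.splitlines()]  # drop prompts and //comments
    findings = []
    for ref_re, def_re, label in REFS:
        defined = {m.group(1) for ln in lines if (m := re.match(def_re, ln))}
        for ln in lines:
            m = re.match(ref_re, ln)
            if m and m.group(1) not in defined:
                findings.append(f"undefined {label}: {m.group(1)}")
    for ln in lines:
        # IOS accepts unique prefixes, so "user test pass test" is a username command.
        m = re.match(r"^user\w*\s+(\S+)\s+pass\w*\s+(\S+)", ln)
        if m:
            findings.append(f"user {m.group(1)}: created with 'password', not hashed 'secret'")
            if m.group(1) == m.group(2):
                findings.append(f"user {m.group(1)}: password equals username")
    return findings
```

Run against the commands as posted, audit(PAGE_CONFIG) reports only the two findings for the test account; all four name references resolve.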
 
