Dynamips lab: Cisco IOS SSL VPN on Dynamips test note
This test note describes how to configure Cisco SSL VPN on Cisco IOS routers. The whole lab is built on the Dynamips 7200 simulator.
SSL VPNs use a methodology to transport private data across the public Internet. Instead of relying upon the end user to have a configured client on an agency-managed computer, SSL VPNs use SSL/HTTPS, which is the secure transport mechanism built into all standard Web browsers. Using an SSL VPN, the connection between the user and the internal resource occurs via an HTTPS connection at the application layer.
I have completed all the Cisco SSL labs on the Dynamips 7200 simulator. The topology is as follows:

The Dynagen configuration is as follows:
autostart = false
1. Preparing for Cisco Web VPN.
c7206(config)# int fa0/0
c7206(config-if)# ip add 198.1.1.1 255.255.255.0
c7206(config-if)# no shutdown
c7206(config-if)# exit
!
c7206(config)# int fa1/0
c7206(config-if)# ip add 10.10.1.1 255.255.255.0
c7206(config-if)# no shutdown
c7206(config-if)# exit
!
c7206(config)# aaa new-model
c7206(config)# aaa authentication login default local
!Define the default AAA authentication list, which allows the administrator to log in to this router. This configuration is unrelated to the WebVPN.
!
c7206(config)# aaa authentication login aaa-webvpn local
c7206(config)# username steve6307 password cisco
!define the WebVPN authentication list.
!
c7206(config)# webvpn gateway mygateway
c7206(config-webvpn-gateway)# ip address 198.1.1.1 port 443
c7206(config-webvpn-gateway)# inservice
!define the WebVPN gateway address and port, usually the port is 443.
!
c7206(config)# webvpn context mywebvpn-context1
c7206(config-webvpn-context)# gateway mygateway domain group1
c7206(config-webvpn-context)# aaa authentication list aaa-webvpn
c7206(config-webvpn-context)# inservice
!Define a WebVPN context. You must select a gateway and an AAA authentication list for each context. The domain name is very important to the configuration, because the end user selects the context by this domain name.
2. Basic feature test (Web browsing).
I used Firefox to test the WebVPN feature. I entered “https://198.1.1.1/group1” in the address bar, and then I saw the WebVPN home page.
Note: the URL format is https://webvpn_gateway_addr/context_domain_name
I entered my username and password in the dialog box, and then clicked “Login”.

Now I have successfully logged on to the WebVPN!

I entered the Internal Server IP address in the URL page, and then I accessed the internal server web page successfully.

3. WebVPN extended services.
Now, let’s talk about how to configure the WebVPN extended services:
1. File-access feature.
2. Customizing the url-list.
3. Port-forward feature.
3.1. File-access feature
The file-access feature provides browsing of and access to files on the Windows file server (NetBIOS name service server).
To use the file-access feature, the user must have the “file-access file-entry file-browsing” privileges.
c7206(config)# webvpn context mywebvpn-context1
c7206(config-webvpn-context)# nbns-list <nbns-list-name>
c7206(config-webvpn-nbnslist)# nbns-server 10.10.1.2
c7206(config-webvpn-nbnslist)# exit
!You must define the NetBIOS name server for IOS WebVPN (<nbns-list-name> is a placeholder for the list name). In fact, this is optional if you use the IP address to access the file server.
!
c7206(config-webvpn-context)# policy group context1-policy
c7206(config-webvpn-group)# functions file-access
c7206(config-webvpn-group)# functions file-browse
c7206(config-webvpn-group)# functions file-entry
c7206(config-webvpn-group)# exit
!Define the group policy for this context and assign the “file-access file-entry file-browsing” privileges.
!
c7206(config-webvpn-context)# default-group-policy context1-policy
!Assign the group policy as the default policy.
Feature test:
I logged in to WebVPN again and saw the following page:

I entered “\\10.10.1.2” as the network path, and then the browser prompted me to enter my username and password to access the resources of my file server:

3.2. Customizing the url-list
c7206(config-webvpn-context)# url-list myurl
c7206(config-webvpn-url)# url-text "Home Page" url-value http://10.10.1.2
c7206(config-webvpn-url)# url-text "Site2" url-value http://10.10.1.3
!
c7206(config-webvpn-context)# policy group context1-policy
c7206(config-webvpn-group)# url-list myurl
Feature test:
I logged in to WebVPN again and saw the following page:

3.3. Port-forward
The port-forward feature gives remote end users access to client and server applications that communicate over known, fixed TCP ports. Each internal server and port number that the user can access has to be configured on the gateway. The entries specify the local port number and the destination server name and port number to use for TCP port forwarding.
c7206(config-webvpn-context)# port-forward myport
c7206(config-webvpn-port-fwd)# local-port 2323 remote-server 10.10.1.2 remote-port 23 description test
c7206(config-webvpn-port-fwd)# exit
!
c7206(config-webvpn-context)# policy group context1-policy
c7206(config-webvpn-group)# port-forward myport
!When I log in to the WebVPN, the browser loads the Java app, and then I can telnet to the internal server via telnet localhost 2323.
Feature test:
I logged in to WebVPN again and saw the following page:

Click “Application Access”, and then the browser can load the Java app.
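
Added example (not part of the original note): a Python review helper that reads WebVPN commands in the form typed above and lists, per policy group, the granted functions and the internal host/port pairs reachable through its url-list and port-forward entries. The function name `exposure` and the sample text are this example's own assumptions; URL ports default to 80/443 when none is given.

```python
import re
from urllib.parse import urlsplit

# Constructed input: commands from sections 3.1-3.3 of this note, ASCII quotes.
SAMPLE = """\
c7206(config)# webvpn context mywebvpn-context1
c7206(config-webvpn-context)# url-list myurl
c7206(config-webvpn-url)# url-text "Home Page" url-value http://10.10.1.2
c7206(config-webvpn-url)# url-text "Site2" url-value http://10.10.1.3
!
c7206(config-webvpn-context)# port-forward myport
c7206(config-webvpn-port-fwd)# local-port 2323 remote-server 10.10.1.2 remote-port 23 description test
c7206(config-webvpn-context)# policy group context1-policy
c7206(config-webvpn-group)# functions file-access
c7206(config-webvpn-group)# url-list myurl
c7206(config-webvpn-group)# port-forward myport
"""

PROMPT = re.compile(r'^\S+\((config[\w-]*)\)#\s*(.+)$')
FWD = re.compile(r'local-port (\d+) remote-server (\S+) remote-port (\d+)')

def exposure(text):
    """Return {policy group: {'functions': [...], 'targets': [(host, port), ...]}}."""
    defs = {'url-list': {}, 'port-forward': {}}   # list name -> [(host, port)]
    groups, name = {}, None
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue                               # "!" comments and blank lines
        mode, cmd = m.groups()
        kind, _, arg = cmd.partition(' ')
        if mode == 'config-webvpn-context':        # command that opens a named sub-mode
            name = arg.split()[-1] if arg else None
            if kind == 'policy':
                groups.setdefault(name, {'functions': [], 'url-list': [], 'port-forward': []})
        elif mode == 'config-webvpn-url' and 'url-value' in cmd:
            u = urlsplit(cmd.split('url-value', 1)[1].strip().strip('"'))
            port = u.port or (443 if u.scheme == 'https' else 80)
            defs['url-list'].setdefault(name, []).append((u.hostname or '?', port))
        elif mode == 'config-webvpn-port-fwd' and (f := FWD.search(cmd)):
            defs['port-forward'].setdefault(name, []).append((f[2].strip('"'), int(f[3])))
        elif mode == 'config-webvpn-group' and name in groups and kind in groups[name]:
            groups[name][kind].append(arg.strip())
    # Resolve the list names each group references into concrete host/port pairs.
    return {g: {'functions': p['functions'],
                'targets': sorted({t for k in defs for n in p[k] for t in defs[k].get(n, [])})}
            for g, p in groups.items()}

if __name__ == '__main__': print(exposure(SAMPLE))
```

File access granted through `functions` is not bound to a host/port pair by these commands, so it appears only under `functions` and has to be reviewed separately from the target list.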

well know body no what happen next.