Dynamips lab: Cisco IOS SSL VPN on dynamips test note 2

Continuing the discussion from part 1, the topology is as follows:

001.jpg

The Cisco SSL VPN supports working in full-tunnel mode. In full-tunnel mode, an SSL tunnel is used to move data to and from the internal networks at the network (IP) layer. When the user logs into the SSL VPN gateway, the SSL VPN client (SVC) is automatically downloaded and installed on the end user’s PC, and the tunnel connection is established. Once the connection is established, the user has full VPN access to the corporate network.

1. Preparing for Cisco Web VPN. (the same as part 1)

c7206(config)# int fa0/0

c7206(config-if)# ip add 198.1.1.1 255.255.255.0

c7206(config-if)# no shutdown

c7206(config-if)# exit

!

c7206(config)# int fa1/0

c7206(config-if)# ip add 10.10.1.1 255.255.255.0

c7206(config-if)# no shutdown

c7206(config-if)# exit

!

c7206(config)# aaa new-model

c7206(config)# aaa authentication login default local

!define the default AAA authentication list, which allows the administrator to log in to this router. This configuration is unrelated to the Web VPN.
!

c7206(config)# aaa authentication login aaa-webvpn local

c7206(config)# username steve6307 password cisco

!define the WebVPN authentication list.
!

c7206(config)# webvpn gateway mygateway

c7206(config-webvpn-gateway)# ip address 198.1.1.1 port 443

c7206(config-webvpn-gateway)# inservice

!define the WebVPN gateway address and port, usually the port is 443.
!

c7206(config)# webvpn context mywebvpn-context1

c7206(config-webvpn-context)# gateway mygateway domain group1

c7206(config-webvpn-context)# aaa authentication list aaa-webvpn

c7206(config-webvpn-context)# inservice

!define a WebVPN context. You must select a gateway and an AAA authentication list for each context. The domain name is very important to the configuration, because the end user will later select the context by this domain name.

2. Configure Cisco SSL VPN.

First of all, format the dynamips 7200 router disk0.

c7206# format disk0:

Then, copy the SVC (SSL VPN Client) package to the 7200 disk0.

Note: dynamips runs with low efficiency, so I suggest using FTP to copy the SVC.

c7206(config)# ip ftp username cisco

c7206(config)# ip ftp password cisco

!

c7206# copy ftp disk0:

Address or name of remote host []? 10.10.1.2

Source filename []? sslclient-win-1.1.2.169.pkg

Destination filename [sslclient-win-1.1.2.169.pkg]?

Accessing ftp://10.10.1.2/sslclient-win-1.1.2.169.pkg…

Loading sslclient-win-1.1.2.169.pkg !!

[OK - 415090/4096 bytes]

415090 bytes copied in 22.900 secs (18126 bytes/sec)

Install the SVC.

c7206(config)# webvpn install svc disk0:/sslclient-win-1.1.2.169.pkg

SSLVPN Package SSL-VPN-Client : installed successfully

c7206(config)# ip local pool ssl-user 192.168.10.1 192.168.10.99

!define the SSL VPN user address pool.
!

c7206(config)# int loopback0

c7206(config-if)# ip address 192.168.10.254 255.255.255.0

c7206(config-if)# exit

!In Cisco IOS, if the SSL VPN user pool is not in the same range as your inside network, you should define a loopback interface.
!In my lab, my inside network range is 10.10.1.0/24, and my address pool range is 192.168.10.1~99, so I need to define a loopback interface with the address 192.168.10.254.
!

c7206(config)# webvpn context mywebvpn-context1

c7206(config-webvpn-context)# policy group context1-policy

c7206(config-webvpn-group)# functions svc-enabled

c7206(config-webvpn-group)# svc address-pool ssl-user

c7206(config-webvpn-group)# exit

!define the group policy, allow the user to use the SSL VPN function.
!

c7206(config-webvpn-context)# default-group-policy context1-policy

!assign the policy as the default group policy.
3. Configure the SSL VPN split tunneling. (optional)
c7206(config)# webvpn context mywebvpn-context1

c7206(config-webvpn-context)# policy group context1-policy

c7206(config-webvpn-group)# svc split include 10.10.1.0 255.255.255.0

!In the split tunnel list, I configured the inside network range. This means the WebVPN service will notify the SSL VPN Client to modify its local routing table, and then the client can access the inside network and the Internet at the same time.
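
The dependencies configured in steps 1 to 3 (context to gateway and AAA list, policy group to address pool, pool to loopback subnet, split include list) can be checked offline against a saved configuration. The Python sketch below is an added example, not part of the original lab notes or any Cisco tool; the function names, the constructed sample configuration, and the rule that any interface subnet containing the whole pool satisfies the loopback requirement are assumptions.

```python
import ipaddress
import re

# Constructed sample: this page's commands as they would sit in a saved config.
SAMPLE_CONFIG = """\
aaa authentication login aaa-webvpn local
ip local pool ssl-user 192.168.10.1 192.168.10.99
interface FastEthernet0/0
 ip address 198.1.1.1 255.255.255.0
interface FastEthernet1/0
 ip address 10.10.1.1 255.255.255.0
interface Loopback0
 ip address 192.168.10.254 255.255.255.0
webvpn gateway mygateway
 ip address 198.1.1.1 port 443
webvpn context mywebvpn-context1
 policy group context1-policy
  functions svc-enabled
  svc address-pool ssl-user
  svc split include 10.10.1.0 255.255.255.0
 default-group-policy context1-policy
 aaa authentication list aaa-webvpn
 gateway mygateway domain group1
"""

def find(pattern, config):
    return re.findall(pattern, config, re.M)

def audit(config):
    """Return (findings, split_networks); an empty split list means full tunnel."""
    findings = []
    nets = [ipaddress.ip_network(f"{a}/{m}", strict=False)
            for a, m in find(r"^ +ip address (\S+) (\d+\.\d+\.\d+\.\d+)$", config)]
    pools = {n: (ipaddress.ip_address(lo), ipaddress.ip_address(hi))
             for n, lo, hi in find(r"^ip local pool (\S+) (\S+) (\S+)$", config)}
    for name in find(r"^ +svc address-pool (\S+)", config):
        if name not in pools:
            findings.append(f"address pool {name} is not defined")
        elif not any(pools[name][0] in n and pools[name][1] in n for n in nets):
            findings.append(f"pool {name} is in no interface subnet: add a loopback")
    for gw in find(r"^ +gateway (\S+)", config):
        if not find(rf"^webvpn gateway {re.escape(gw)}$", config):
            findings.append(f"gateway {gw} is not defined")
    for lst in find(r"^ +aaa authentication list (\S+)", config):
        if not find(rf"^aaa authentication login {re.escape(lst)} ", config):
            findings.append(f"aaa list {lst} is not defined")
    split = [str(ipaddress.ip_network(f"{a}/{m}"))
             for a, m in find(r"^ +svc split include (\S+) (\S+)$", config)]
    return findings, split
```

An empty split list means the policy group runs in full-tunnel mode, so all client traffic is sent through the gateway.
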
4. Feature test.
I logged in to WebVPN and saw the following page:

002.jpg

Then the WebVPN started the SVC install program.

003.jpg

After the installation, the SVC started successfully, and I then had unrestricted access to the inside network.

004.jpg

Now, I can see the SSL VPN Client info.

005.jpg

The Cisco copyright info is as follows. Aha, this is so cool!

006.jpg
