C7206 (configuration) # int fa0/0
C7206 (configuration -if)# ip address198.1.1.1255.255.0
C7206 (Configuration -if)# No shutdown
C7206 (Configuration -if)# Exit
!
C7206 (configuration) # int fa2/0
C7206 (configuration -if)# ip address10.10.1.1255.255.0
C7206 (Configuration -if)# No shutdown
C7206 (Configuration -if)# Exit
!
C7206 (Configuration) # aaa New Model
C7206 (Configuration) # aaa Authentication Login Default Local
! In order to prevent the console from entering Exec due to timeout, a default authentication method is set, which has nothing to do with WebVPN.
!
C7206 (Configuration) # aaa Authentication Login aaa-webvpn Local
C7206 (Configuration) # User name steve6307 Password cisco
! Define WebVPN authentication method.
!
C7206 (Configuration) # webvpn Gateway mygateway
C7206 (Configuration -web VPN- Gateway) # ip address 198. 1. 1 port 443.
C7206 (Configuration -web VPN- Gateway) # Running
! Define the interface that WebVPN listens to, and then IOS will automatically generate a self-signed certificate.
!
C7206 (configuration) # webvpn context mywebvpn-context 1
C7206 (config-webvpn-context) # gatewaymygateway domain group 1
C7206 (Configuration -web VPN- Context) # aaa Authentication List aaa-webvpn
C7206 (Configuration -web VPN- Context) # In service
! In IOS, the context of WebVPN is equivalent to ASA's tunnel-group.
! In IOS, domain is equivalent to ASA's group name.
-
2. Configure SSLVPN.
Format disk 0: of 7206.
C7206# Format Disk 0:
-
Copy SVC to disk0:(flash) of 7200.
Note: If you use the dynamips emulator, it is best to copy the file through ftp!
C7206 (Configuration) # ip ftp User Name cisco
C7206 (Configuration) # ip ftp Password cisco
!
C7206# copy ftp disk 0:
Address or name of the remote host []? 202. 195.30.66
Source file name []? SSL client-win- 1. 1.2 . 169 . pkg
Target file name [sslclient-win-1.1.2.169.pkg]?
Visiting FTP://202.195.30.66/sslclient-win-1.1.2.169.pkg. ...
Loading SSL client-win-1.1.2.169.pkg! !
[OK-4 15090/4096 bytes]
4 15090 bytes (18 126 bytes/sec) were copied in 22.900 seconds.
-
Install SVC.
C7206 (configuration) # webvpn installs svc disk 0:/sslclient-win-1.1.2.169.pkg.
SSLVPN package SSL-VPN-Client: installed successfully.
-
C7206 (configuration) # int loopback0
C7206 (configuration -if)# ip address192.168.10.254 255.255.0.
C7206 (Configuration -if)# Exit
! In IOS, if the address pool is not on the same network segment as the intranet, you need to create a loopback interface.
!
C7206 (configuration) # ip local pool SSL- user192.168.10.192.168.
!
C7206 (configuration) # webvpn context mywebvpn-context 1
C7206(config-webvpn-context)# policy group context 1- policy
The c7206 (configuration -web VPN- group) # function supports svc.
C7206 (Configuration -web VPN- Group) # svc Address Pool SSL- User
C7206 (Configuration -web VPN- Group) # Exit
! Allow users to conduct SSL VPN.
!
C7206 (config-webvpn-context) # default-group policy context 1- policy
-
3. Configure SSL VPN tunnel separation (optional).
C7206 (configuration) # webvpn context mywebvpn-context 1
C7206(config-webvpn-context)# policy group context 1- policy
C7206(config-webvpn-group)# svc split includes10.10 255.255.0.
trouble-free