Configuring Cisco SSL VPN through SDM (Word file download).docx
- Document number: 20510230
- Upload date: 2023-01-23
- Format: DOCX
- Pages: 34
- Size: 399.40KB
Cisco 3725, 3745, 3825, 3845, 7200 and 7301 series routers
Prerequisites
Requirements
Ensure that you meet these requirements before you attempt this configuration:
An advanced image of Cisco IOS Software Release 12.4(6)T or later
One of the Cisco router platforms listed in the Introduction
Components Used
The information in this document is based on these software and hardware versions:
Cisco 3825 router
Advanced Enterprise software image - Cisco IOS Software Release 12.4(9)T
Cisco Router and Security Device Manager (SDM) - version 2.3.1
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. The IP addresses used in this example are taken from RFC 1918 addresses which are private and not legal to use on the Internet.
Network Diagram
This document uses this network setup:
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Preconfiguration Tasks
Before you begin, complete these tasks:
Configure a host name and domain name.
Configure the router for SDM. Cisco ships some routers with a preinstalled copy of SDM.
If the Cisco SDM is not already loaded on your router, you can obtain a free copy of the software from Software Download (registered customers only). You must have a CCO account with a service contract. For detailed information on the installation and configuration of SDM, refer to Cisco Router and Security Device Manager.
Configure the correct date, time, and time zone for your router.
Configure WebVPN on Cisco IOS
You can have more than one WebVPN gateway associated with a device. Each WebVPN gateway is linked to only one IP address on the router. You can create more than one WebVPN context for a particular WebVPN gateway. To identify individual contexts, provide each context with a unique name. One policy group can be associated with only one WebVPN context. The policy group describes which resources are available in a particular WebVPN context.
Complete these steps in order to configure WebVPN on Cisco IOS:
Configure the WebVPN Gateway
Configure the Resources Allowed for the Policy Group
Configure the WebVPN Policy Group and Select the Resources
Configure the WebVPN Context
Configure the User Database and Authentication Method
Step 1. Configure the WebVPN Gateway
Complete these steps in order to configure the WebVPN Gateway:
Within the SDM application, click Configure, and then click VPN.
Expand WebVPN, and choose WebVPN Gateways.
Click Add.
The Add WebVPN Gateway dialog box appears.
Enter values in the Gateway Name and IP Address fields, and then check the Enable Gateway check box.
Check the Redirect HTTP Traffic check box, and then click OK.
Click Save, and then click Yes to accept the changes.
Step 2. Configure the Resources Allowed for the Policy Group
In order to make it easier to add resources to a policy group, you can configure the resources before you create the policy group.
Complete these steps in order to configure the resources allowed for the policy group:
Click Configure, and then click VPN.
Choose WebVPN, and then click the Edit WebVPN tab.
WebVPN allows you to configure access for HTTP, HTTPS, Windows file browsing through the Common Internet File System (CIFS) protocol, and Citrix.
The Add WebVPN Context dialog box appears.
Expand WebVPN Context, and choose URL Lists.
Click Add.
The Add URL List dialog box appears.
Enter values in the URL List Name and Heading fields.
Click Add, and choose Website.
This list contains all the HTTP and HTTPS Web servers that you want to be available for this WebVPN connection.
In order to add access for Outlook Web Access (OWA), click Add, choose E-mail, and then click OK after you have filled in all the desired fields.
In order to allow Windows file browsing through CIFS, you can designate a NetBIOS Name Service (NBNS) server and configure the appropriate shares in the Windows domain.
From the WebVPN Context list, choose NetBIOS Name Server Lists.
The Add NBNS Server List dialog box appears.
Enter a name for the list, and click Add.
The NBNS Server dialog box appears.
If applicable, check the Make This the Master Server check box.
Click OK, and then click OK.
Step 3. Configure the WebVPN Policy Group and Select the Resources
Complete these steps in order to configure the WebVPN policy group and select the resources:
Click Configure, and then click VPN.
Expand WebVPN, and choose WebVPN Context.
Choose Group Policies, and click Add.
The Add Group Policy dialog box appears.
Enter a name for the new policy, and check the Make this the default group policy for context check box.
Click the Clientless tab located at the top of the dialog box.
Check the Select check box for the desired URL List.
If your customers use Citrix clients that need access to Citrix servers, check the Enable Citrix check box.
Check the Enable CIFS, Read, and Write check boxes.
Click the NBNS Server List drop-down arrow, and choose the NBNS server list that you created for Windows file browsing in Step 2.
Click OK.
Step 4. Configure the WebVPN Context
In order to link the WebVPN gateway, group policy, and resources together, you must configure the WebVPN context. In order to configure the WebVPN context, complete these steps:
Choose WebVPN Context, and enter a name for the context.
Click the Associated Gateway drop-down arrow, and choose an associated gateway.
If you intend to create more than one context, enter a unique name in the Domain field to identify this context. If you leave the Domain field blank, users must access the WebVPN with https://IPAddress. If you enter a domain name (for example, Sales), users must connect with https://IPAddress/Sales.
Check the Enable Context check box.
In the Maximum Number of Users field, enter the maximum number of users allowed by the device license.
Click the Default Group policy drop-down arrow, and select the group policy to associate with this context.
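The gateway, context and policy group relationships described under Configure WebVPN on Cisco IOS, and the Domain field rule in Step 4, can be checked against a saved configuration. The Python script below is an added example, not part of the original Cisco document; the sample configuration with its names and addresses is constructed, and the function name audit_webvpn is hypothetical.

```python
# Constructed sample config: names and addresses are hypothetical.
SAMPLE = """\
webvpn gateway gateway_1
 ip address 192.168.0.37 port 443
!
webvpn context Sales
 policy group policy_1
 default-group-policy policy_1
 gateway gateway_1 domain Sales
!
webvpn context Engineering
 policy group policy_2
 default-group-policy policy_1
 gateway gateway_1 domain Sales
!
webvpn context Lab
 gateway gateway_9 domain Lab
"""

def audit_webvpn(config):
    """Return findings where contexts, gateways and policy groups do not line up."""
    gateways, contexts, ctx = set(), {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not raw.startswith(" "):              # unindented line opens a new block
            ctx = None
            if words[:2] == ["webvpn", "gateway"] and len(words) == 3:
                gateways.add(words[2])
            elif words[:2] == ["webvpn", "context"] and len(words) == 3:
                ctx = contexts.setdefault(words[2], {"groups": set(), "default": None, "gw": None, "domain": None})
        elif ctx is None:
            continue                             # sub-command of a block we do not audit
        elif words[:2] == ["policy", "group"] and len(words) == 3:
            ctx["groups"].add(words[2])          # a policy group lives inside one context
        elif words[:1] == ["default-group-policy"] and len(words) == 2:
            ctx["default"] = words[1]
        elif words[:1] == ["gateway"] and len(words) >= 2:
            has_domain = words[2:3] == ["domain"] and len(words) > 3
            ctx["gw"], ctx["domain"] = words[1], (words[3] if has_domain else None)
    findings, urls = [], {}
    for name, c in contexts.items():
        if c["gw"] not in gateways:
            findings.append(f"context {name}: gateway {c['gw']} is not defined")
        if c["default"] and c["default"] not in c["groups"]:
            findings.append(f"context {name}: default-group-policy {c['default']} is not a policy group of this context")
        urls.setdefault((c["gw"], c["domain"]), []).append(name)  # same gateway + domain = same login URL
    findings += [f"gateway {gw} domain {dom}: shared by contexts {', '.join(names)}"
                 for (gw, dom), names in urls.items() if len(names) > 1]
    return findings
```

Run against the constructed sample, it reports the Engineering context borrowing a policy group from Sales, the Lab context pointing at an undefined gateway, and two contexts that resolve to the same https://IPAddress/Sales URL.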
Step 5. Configure the User Database and Authentication Method
You can configure Clientless SSL VPN (WebVPN) sessions to authenticate with RADIUS, the Cisco AAA Server, or a local database. This example uses a local database.
Complete these steps in order to configure the user database and authentication method:
Click Configuration, and then click Additional Tasks.
Expand Router Access, and choose User Accounts/View.
Click the Add button.
The Add an Account dialog box appears.
Enter a user account and a password.
Results
The ASDM creates these command-line configurations:
ausnml-3825-01
Building configuration...
Current configuration : 4190 bytes
!
! Last configuration change at 17:22:23 UTC Wed Jul 26 2006 by ausnml
! NVRAM config last updated at 17:31 UTC Wed Jul 26 2006 by ausnml
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ausnml-3825-01
boot-start-marker
boot system flash c3825-adventerprisek9-mz.124-9.T.bin
boot-end-marker
no logging buffered
enable secret 5 $1$KbIu$5o8qKYAVpWvyv9rYbrJLi/
aaa new-model
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa session-id common
resource policy
ip cef
ip domain name
voice-card 0
 no dspfarm
!--- Self-Signed Certificate Information
crypto pki trustpoint ausnml-3825-01_Certificate
 enrollment selfs