Cisco: WebVPN

From Frotmail Projects

The following config can be used as a basis for a WebVPN. It makes it possible to:

- start the Thin Client (Java applet with port forwarding),
- start AnyConnect (full SSL tunnel),
- visit internal URLs,
- or browse the SMB share.

! Local AAA; the webvpn_login list is referenced by the WebVPN context below
logging buffered 65535
aaa new-model
aaa authentication login default local
aaa authentication login webvpn_login local
aaa authorization exec default local
aaa session-id common
!
! Self-signed certificate for the SSL gateway; clients will not trust it unless it is imported
crypto pki trustpoint VPN
 enrollment selfsigned
 serial-number
 fqdn url.domain.tld
 subject-name cn=domain.tld
 revocation-check none
 rsakeypair VPNweb 2048 2048
!
!
crypto pki certificate chain VPN
 certificate self-signed 02
  30220273 338406D7 A0337221 02325172 804D5602 23865866 37040101 03040530
 [..]
  9376722D CA362237 1154CD21 46400A5F 1A2E2786 3C2DF3
  quit
!
username admin privilege 15 secret 5 *************
!
! Address pool assigned to AnyConnect (full tunnel) clients
ip local pool vpnusers 192.168.60.100 192.168.60.200
!
! SSL gateway listening on FastEthernet0/1, port 443
webvpn gateway gateway_1
 hostname url.domain.tld
 ip interface FastEthernet0/1 port 443
 ssl trustpoint VPN
 inservice
 !
! AnyConnect client packages (Windows and Linux) served from flash
webvpn install svc flash:/webvpn/anyconnect-win-2.4.0202-k9.pkg sequence 1
 !
webvpn install svc flash:/webvpn/anyconnect-linux-2.4.0202-k9.pkg sequence 2
 !
! Portal context: CIFS share browsing, thin-client port forward for RDP, and the AnyConnect tunnel
webvpn context test
 title "Domain.tld - WebVPN"
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 !
 cifs-url-list "smbserver"
   heading "Cifs on SMBSERVER"
   url-text "Tweak" url-value "//[SMB_SERVERIP]"
 !
 port-forward "portforward_list_1"
   local-port 3000 remote-server "[REMOTE_RDP_IP]" remote-port 3389 description "RDP"
 !
 policy group policy_1
   cifs-url-list "smbserver"
   port-forward "portforward_list_1"
   functions file-access
   functions file-browse
   functions svc-enabled
   mask-urls
   svc address-pool "vpnusers"
   svc keep-client-installed
   svc split dns "[INTERNALDNS_IP]"
   svc split include 192.168.0.0 255.255.255.0
   svc split include 192.168.60.0 255.255.255.0
   svc dns-server primary [INTERNAL_DNS]
 default-group-policy policy_1
 aaa authentication list webvpn_login
 gateway gateway_1
 inservice
!
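As an added example (not part of the original page), a small Python checker that flags the settings in a config like the one above that a reviewer would want justified: a self-signed gateway certificate, no revocation checking, a WebVPN authentication list that resolves to local users only, clientless CIFS file access, and split tunnelling. The finding names and the sample excerpt are constructed for this example.

```python
import re

# Constructed excerpt mirroring the page's config (placeholders kept);
# it is sample input for this checker, not a new configuration.
SAMPLE_CONFIG = """\
aaa authentication login webvpn_login local
crypto pki trustpoint VPN
 enrollment selfsigned
 revocation-check none
webvpn gateway gateway_1
 ssl trustpoint VPN
webvpn context test
 policy group policy_1
   functions file-access
   svc split include 192.168.0.0 255.255.255.0
 aaa authentication list webvpn_login
"""

def audit_webvpn(config: str) -> list[str]:
    """Return finding names (this example's own labels) for risky settings."""
    raw = [ln.rstrip() for ln in config.splitlines() if ln.strip()]
    lines = [ln.strip() for ln in raw]
    findings, selfsigned, current_tp = [], set(), None
    for raw_ln, ln in zip(raw, lines):
        if not raw_ln.startswith(" "):          # new top-level command
            m = re.match(r"crypto pki trustpoint (\S+)", ln)
            current_tp = m.group(1) if m else None
        elif current_tp:                        # inside a trustpoint block
            if ln == "enrollment selfsigned":
                selfsigned.add(current_tp)
            elif ln == "revocation-check none":
                findings.append(f"no-revocation-check:{current_tp}")
    # Self-signed trustpoint bound to the gateway: clients cannot validate it.
    for tp in sorted(selfsigned):
        if f"ssl trustpoint {tp}" in lines:
            findings.append(f"self-signed-gateway-cert:{tp}")
    # Context authenticates against a list whose only method is 'local'.
    for name in [ln.split()[3] for ln in lines if ln.startswith("aaa authentication list ")]:
        methods = [ln.split()[4:] for ln in lines
                   if ln.startswith(f"aaa authentication login {name} ")]
        if methods and all(ms == ["local"] for ms in methods):
            findings.append(f"local-only-auth:{name}")
    # Clientless file access exposes internal CIFS shares through the portal.
    if {"functions file-access", "functions file-browse"} & set(lines):
        findings.append("cifs-file-access-enabled")
    # Split tunnelling lets a client bridge its local LAN and the VPN ranges.
    if any(ln.startswith("svc split include") for ln in lines):
        findings.append("split-tunnel-enabled")
    return findings
```

Run it against a saved `show running-config` to get the list of findings; an empty list means none of the five checks fired.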