Cisco: WebVPN
The following config can be used as a basis for a WebVPN. It makes it possible to:
- start the Thin Client (Java applet with port forwarding),
- start AnyConnect (full SSL tunnel),
- visit internal URLs,
- or browse the SMB share.
logging buffered 65535
aaa new-model
aaa authentication login default local
aaa authentication login webvpn_login local
aaa authorization exec default local
aaa session-id common
!
crypto pki trustpoint VPN
 enrollment selfsigned
 serial-number
 fqdn url.domain.tld
 subject-name cn=domain.tld
 revocation-check none
 rsakeypair VPNweb 2048 2048
!
!
crypto pki certificate chain VPN
 certificate self-signed 02
  30220273 338406D7 A0337221 02325172 804D5602 23865866 37040101 03040530
  [..]
  9376722D CA362237 1154CD21 46400A5F 1A2E2786 3C2DF3
  quit
!
username admin privilege 15 secret 5 *************
!
ip local pool vpnusers 192.168.60.100 192.168.60.200
!
webvpn gateway gateway_1
 hostname url.domain.tld
 ip interface FastEthernet0/1 port 443
 ssl trustpoint VPN
 inservice
!
webvpn install svc flash:/webvpn/anyconnect-win-2.4.0202-k9.pkg sequence 1
!
webvpn install svc flash:/webvpn/anyconnect-linux-2.4.0202-k9.pkg sequence 2
!
webvpn context test
 title "Domain.tld - WebVPN"
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
!
 cifs-url-list "smbserver"
   heading "Cifs on SMBSERVER"
   url-text "Tweak" url-value "//[SMB_SERVERIP]"
!
 port-forward "portforward_list_1"
   local-port 3000 remote-server "[REMOTE_RDP_IP]" remote-port 3389 description "RDP"
!
 policy group policy_1
   cifs-url-list "smbserver"
   port-forward "portforward_list_1"
   functions file-access
   functions file-browse
   functions svc-enabled
   mask-urls
   svc address-pool "vpnusers"
   svc keep-client-installed
   svc split dns "[INTERNALDNS_IP]"
   svc split include 192.168.0.0 255.255.255.0
   svc split include 192.168.60.0 255.255.255.0
   svc dns-server primary [INTERNAL_DNS]
 default-group-policy policy_1
 aaa authentication list webvpn_login
 gateway gateway_1
 inservice
!
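
Before putting a config like this in service, it helps to list what a WebVPN login actually gets: which networks go through the tunnel, which ports are forwarded, and which local accounts can authenticate. The script below is an added example, not part of the original page or of any Cisco tooling; the `audit` function and its report keys are hypothetical names, and the sample input is built from lines of the config above.

```python
import ipaddress
import re

# Constructed sample: lines copied from the configuration above (placeholders kept).
SAMPLE = """\
aaa authentication login webvpn_login local
crypto pki trustpoint VPN
enrollment selfsigned
revocation-check none
username admin privilege 15 secret 5 *************
port-forward "portforward_list_1"
local-port 3000 remote-server "[REMOTE_RDP_IP]" remote-port 3389 description "RDP"
policy group policy_1
functions file-access
functions svc-enabled
svc split include 192.168.0.0 255.255.255.0
svc split include 192.168.60.0 255.255.255.0
aaa authentication list webvpn_login
"""

def audit(config):
    """Summarise what a WebVPN login can reach and collect settings to review."""
    rep = {"functions": [], "split_include": [], "port_forwards": [], "findings": []}
    local_lists, vpn_lists, priv15 = set(), set(), []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"aaa authentication login (\S+) local$", line):
            local_lists.add(m[1])          # login list backed by local usernames
        elif m := re.match(r"aaa authentication list (\S+)", line):
            vpn_lists.add(m[1])            # list the WebVPN context authenticates with
        elif m := re.match(r"username (\S+) privilege 15\b", line):
            priv15.append(m[1])
        elif m := re.match(r"functions (\S+)", line):
            rep["functions"].append(m[1])
        elif m := re.match(r"svc split include (\S+) (\S+)", line):
            rep["split_include"].append(str(ipaddress.ip_network(f"{m[1]}/{m[2]}")))
        elif m := re.match(r'local-port (\d+) remote-server "([^"]*)" remote-port (\d+)', line):
            rep["port_forwards"].append((int(m[1]), m[2], int(m[3])))
        elif line == "enrollment selfsigned":
            rep["findings"].append("gateway certificate is self-signed")
        elif line == "revocation-check none":
            rep["findings"].append("trustpoint has revocation checking disabled")
    # Any local username is valid on a WebVPN list that authenticates locally.
    for name in sorted(local_lists & vpn_lists):
        for user in priv15:
            rep["findings"].append(f"privilege-15 user '{user}' is a valid login on '{name}'")
    return rep

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

The last finding is the one to act on first: because `webvpn_login` uses the local user database, the router's `admin` account is also a portal login, so a separate non-privileged user for VPN access keeps device administration credentials off the internet-facing page.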