Cisco: WebVPN
The following config can serve as a basis for a WebVPN. With it you can:
- start the Thin Client (Java applet with port forwarding),
- start AnyConnect (full SSL tunnel),
- visit internal URLs,
- or browse the SMB share.

logging buffered 65535
! Local AAA; the webvpn_login method list is referenced by the WebVPN context below
aaa new-model
aaa authentication login default local
aaa authentication login webvpn_login local
aaa authorization exec default local
aaa session-id common
!
! Self-signed trustpoint used by the WebVPN gateway
crypto pki trustpoint VPN
 enrollment selfsigned
 serial-number
 fqdn url.domain.tld
 subject-name cn=domain.tld
 revocation-check none
 rsakeypair VPNweb 2048 2048
!
!
crypto pki certificate chain VPN
 certificate self-signed 02
  30220273 338406D7 A0337221 02325172 804D5602 23865866 37040101 03040530
  [..]
  9376722D CA362237 1154CD21 46400A5F 1A2E2786 3C2DF3
  quit
!
username admin privilege 15 secret 5 *************
!
! Address pool handed out to AnyConnect (svc) clients
ip local pool vpnusers 192.168.60.100 192.168.60.200
!
webvpn gateway gateway_1
 hostname url.domain.tld
 ip interface FastEthernet0/1 port 443
 ssl trustpoint VPN
 inservice
!
! AnyConnect client packages offered to connecting users
webvpn install svc flash:/webvpn/anyconnect-win-2.4.0202-k9.pkg sequence 1
!
webvpn install svc flash:/webvpn/anyconnect-linux-2.4.0202-k9.pkg sequence 2
!
webvpn context test
 title "Domain.tld - WebVPN"
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 !
 ! SMB share shown in the portal
 cifs-url-list "smbserver"
   heading "Cifs on SMBSERVER"
   url-text "Tweak" url-value "//[SMB_SERVERIP]"
 !
 ! Thin Client port forward: local port 3000 to RDP (3389) on the remote server
 port-forward "portforward_list_1"
   local-port 3000 remote-server "[REMOTE_RDP_IP]" remote-port 3389 description "RDP"
 !
 policy group policy_1
   cifs-url-list "smbserver"
   port-forward "portforward_list_1"
   functions file-access
   functions file-browse
   functions svc-enabled
   mask-urls
   svc address-pool "vpnusers"
   svc keep-client-installed
   svc split dns "[INTERNALDNS_IP]"
   ! Split tunnel: only these networks are sent through the tunnel
   svc split include 192.168.0.0 255.255.255.0
   svc split include 192.168.60.0 255.255.255.0
   svc dns-server primary [INTERNAL_DNS]
 default-group-policy policy_1
 aaa authentication list webvpn_login
 gateway gateway_1
 inservice
!
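
To review what a config like the one above actually makes reachable, here is an added example (not part of the original page and not a Cisco tool): a small Python parser that inventories the enabled functions, port forwards, CIFS URLs and split-tunnel networks of every `webvpn context`. The function name `webvpn_exposure` and the sample text are constructed for illustration; it assumes `show running-config` style indentation.

```python
import ipaddress
import re

# Constructed sample: an excerpt of the webvpn context above, placeholders kept.
SAMPLE = '''\
webvpn context test
 cifs-url-list "smbserver"
   url-text "Tweak" url-value "//[SMB_SERVERIP]"
 !
 port-forward "portforward_list_1"
   local-port 3000 remote-server "[REMOTE_RDP_IP]" remote-port 3389 description "RDP"
 !
 policy group policy_1
   functions file-access
   functions file-browse
   functions svc-enabled
   svc split include 192.168.0.0 255.255.255.0
   svc split include 192.168.60.0 255.255.255.0
 default-group-policy policy_1
 inservice
!
'''

def webvpn_exposure(config):
    """Return what the WebVPN contexts in an IOS config expose (flat, all contexts)."""
    out = {"contexts": [], "functions": [], "port_forwards": [],
           "cifs_urls": [], "split_include": []}
    in_ctx = False
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!"):                 # separators carry no information
            continue
        if not raw.startswith(" "):           # a top-level command opens or closes a context
            in_ctx = line.startswith("webvpn context ")
            if in_ctx:
                out["contexts"].append(line.split()[2])
            continue
        if not in_ctx:
            continue
        if m := re.match(r"functions (\S+)", line):
            out["functions"].append(m[1])
        elif m := re.match(r'local-port (\d+) remote-server "([^"]+)" remote-port (\d+)', line):
            out["port_forwards"].append((int(m[1]), m[2], int(m[3])))
        elif m := re.search(r'url-value "([^"]+)"', line):
            out["cifs_urls"].append(m[1])
        elif m := re.match(r"svc split include (\S+) (\S+)", line):
            # Netmask form is converted to CIDR for easier comparison with firewall rules
            out["split_include"].append(str(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)))
    return out
```

Comparing the returned inventory against what remote users are supposed to reach is a quick check after every change to a policy group.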