Creating an SSL VPN
Problem
You want to create an SSL VPN using Cisco’s WebVPN services on an IOS router.
Solution
You can configure a simple SSL VPN on a router, essentially constructing an HTTPS portal that includes simple port forwarding:
Core#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Core(config)#hostname Core
Core(config)#ip domain-name oreilly.com
Core(config)#aaa new-model
Core(config)#aaa authentication login local_auth local
Core(config)#username ijbrown secret ianspassword
Core(config)#username kdooley secret kevinspassword
Core(config)#crypto pki trustpoint WEBVPN
Core(ca-trustpoint)#enrollment selfsigned
Core(ca-trustpoint)#rsakeypair WEBVPN 1024
Core(ca-trustpoint)#subject-name CN=WEBVPN OU=cookbooks O=oreilly
Core(ca-trustpoint)#exit
Core(config)#crypto pki enroll WEBVPN
The router has already generated a Self Signed Certificate for trustpoint TP-self-signed-3299111097.
If you continue the existing trustpoint and Self Signed Certificate will be deleted.
Do you want to continue generating a new Self Signed Certificate? [yes/no]:yes
% Include the router serial number in the subject name? [yes/no]:no
% Include an IP address in the subject name? [no]:no
Generate Self Signed Router Certificate? [yes/no]:yes
Router Self Signed Certificate successfully created
Core(config)#interface Loopback0
Core(config-if)#ip address 172.25.100.2 255.255.255.255
Core(config-if)#exit
Core(config)#webvpn enable gateway-addr 172.25.100.2
Core(config)#
Core(config)# ...
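An added example (not from the book): a short Python check that reads the recipe's commands in saved-configuration form and flags the trustpoint settings a reviewer would question, here the 1024-bit RSA key pair and the self-signed enrollment. The 2048-bit floor, the function names and the sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: the recipe's commands with the prompts removed.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login local_auth local
username ijbrown secret ianspassword
username kdooley secret kevinspassword
crypto pki trustpoint WEBVPN
 enrollment selfsigned
 rsakeypair WEBVPN 1024
 subject-name CN=WEBVPN OU=cookbooks O=oreilly
interface Loopback0
 ip address 172.25.100.2 255.255.255.255
webvpn enable gateway-addr 172.25.100.2
"""
MIN_RSA_BITS = 2048  # assumption: policy floor chosen for this example

def parse_trustpoints(config):
    """Return {trustpoint: {subcommand: arguments}} from IOS config text."""
    trustpoints, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # a top-level command closes any open block
            m = re.match(r"crypto pki trustpoint (\S+)", line)
            current = trustpoints.setdefault(m.group(1), {}) if m else None
        elif current is not None:  # indented line inside a trustpoint block
            key, _, args = line.strip().partition(" ")
            current[key] = args
    return trustpoints

def audit(config, min_bits=MIN_RSA_BITS):
    """Return (object, finding) pairs for weak certificate or account settings."""
    findings = []
    for name, tp in parse_trustpoints(config).items():
        parts = tp.get("rsakeypair", "").split()  # key-label [key-size]
        bits = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
        if bits is None:
            findings.append((name, "rsakeypair has no explicit key size"))
        elif bits < min_bits:
            findings.append((name, f"RSA key is {bits} bits, below {min_bits}"))
        if tp.get("enrollment") == "selfsigned":
            findings.append((name, "self-signed certificate, no CA for clients to verify"))
    for user in re.findall(r"^username (\S+) password\b", config, re.M):
        findings.append((user, "uses 'password' rather than 'secret'"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```
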
Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.