Thursday, August 20, 2009

Remote Access VPNS: SSL VPNS

The SSL VPN (aka webvpn) is the most flexible kind of remote access VPN connection. All you need is an SSL-enabled browser (Internet Explorer, Mozilla, Safari, etc.). I'll go right to the configuration.

Network Diagram:



Web Gateway Configuration:

-Configure AAA for authentication:

aaa new-model
!
aaa authentication login VPN local
!

Configure the webvpn gateway and put it inservice. The http-redirect port 80 line makes the router listen on port 80 as well and redirect plain HTTP requests to HTTPS:

webvpn gateway GATE
ip address 12.12.12.1 port 443
http-redirect port 80
inservice
!

Immediately after the webvpn gateway command is entered, a self-signed certificate is generated. The certificate (trustpoint) the gateway uses can be changed with the ssl trustpoint command.

Next, the webvpn context is created:

webvpn context SSL
secondary-color blue
secondary-text-color white
!

Next, a URL list is created:

url-list "list1"
heading "Available Pages"
url-text "Home Page" url-value "books.durable.com"
!

For thin-client connections, a port-forwarding list is created. Here local port 3065 on the client is forwarded to port 23 on the server named "TELNET":

port-forward "Ports"
local-port 3065 remote-server "TELNET" remote-port 23 description "telnet"
!

The pieces are tied together using the policy group command:

policy group SSLVPN
url-list "list1"
port-forward "Ports"
banner "Login Successful"
timeout idle 300
timeout session 3600
!

Next we set the default group policy, bind the AAA authentication list, add the gateway to the context and put the context inservice:

default-group-policy SSLVPN
aaa authentication list VPN
gateway GATE
inservice
!
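As an added example (not part of the original post), here is a small Python audit of the gateway and context built above, run over a constructed running-config excerpt of the same commands. It parses the webvpn blocks and reports the points a reviewer would raise, in particular that a gateway with no ssl trustpoint line still serves the auto-generated self-signed certificate mentioned earlier. The trustpoint name MYCA in the usage is a placeholder.

```python
import re

# Constructed sample: the gateway and context from this post as an IOS running-config excerpt.
SAMPLE_CONFIG = """\
webvpn gateway GATE
 ip address 12.12.12.1 port 443
 http-redirect port 80
 inservice
!
webvpn context SSL
 policy group SSLVPN
   timeout idle 300
 default-group-policy SSLVPN
 aaa authentication list VPN
 gateway GATE
 inservice
!
"""

def parse_webvpn(config):
    """Group indented member lines under their 'webvpn gateway|context NAME' header."""
    sections = {"gateway": {}, "context": {}}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blanks and '!' separators
        if raw[0].isspace():              # IOS indents lines belonging to a block
            if current is not None:
                current.append(raw.strip())
            continue
        m = re.match(r"webvpn (gateway|context) (\S+)$", raw)
        current = sections[m.group(1)].setdefault(m.group(2), []) if m else None
    return sections

def audit(config):
    """Return review findings for every webvpn gateway and context in the config."""
    s, findings = parse_webvpn(config), []
    for name, lines in s["gateway"].items():
        if not any(l.startswith("ssl trustpoint") for l in lines):
            findings.append(f"gateway {name}: no 'ssl trustpoint', so the auto-generated self-signed certificate is served")
    for name, lines in s["context"].items():
        for gw in (l.split()[1] for l in lines if l.startswith("gateway ")):
            if gw not in s["gateway"]:
                findings.append(f"context {name}: references undefined gateway {gw}")
        if not any(l.startswith("aaa authentication list") for l in lines):
            findings.append(f"context {name}: no 'aaa authentication list', so the default login list applies")
        if not any(l.startswith("timeout idle") for l in lines):
            findings.append(f"context {name}: no idle timeout in any policy group")
    return findings
```

Running audit(SAMPLE_CONFIG) returns only the self-signed certificate finding; adding an ssl trustpoint line under the gateway clears it.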


TESTING

I prefer to test from the end-user side. Here are some snapshots.

After successful authentication, we have:

When you click Start, you have:

Finally, let's try to telnet to localhost port 3065:

Just as we want it :-)


Up Next: Anyconnect :-)


Ciao.


Amplebrain.

2 comments:

  1. I’ve found your blog today. I think you might be open to new software suggestions and I just want to mention that we have a new FREE small tool for desktop and application sharing:

    SupportSmith TeamUp! Lite
    http://www.supportsmith.com/teamuplite.aspx

    It allows you to work with any other TeamUp! Lite user sharing a single application or the whole desktop in just three steps:

    1. Select item to share.
    2. Enter peer Domain\Name.
    3. Send invitation to share.

    :D

    I wish you could take a look at it.
    Have a nice day!

  2. You could also try RHUB http://www.rhubcom.com, Remote Access appliance. Unlike online hosted solutions, it provides much more security for it provides the ultimate protection of your own firewall; in addition access is controlled by means of IP addresses too, which adds extra security. So, you don’t even need a VPN.
