The SSL VPN (aka webvpn) is the most flexible kind of remote-access VPN connection. All you need is an SSL-enabled browser - Internet Explorer, Mozilla, Safari etc. I will go straight to the configuration.
Network Diagram:
Web Gateway Configuration:
Configure AAA for authentication:
aaa new-model
!
!
aaa authentication login VPN local
Configure the webvpn gateway and put it inservice:
!
webvpn gateway GATE
ip address 12.12.12.1 port 443
! makes the router listen on port 80
http-redirect port 80
inservice
!
Immediately after a webvpn gateway command is entered, a self-signed certificate is generated. The certificate the gateway presents can be changed using the ssl trustpoint command.
Next the webvpn context is created...
webvpn context SSL
secondary-color blue
secondary-text-color white
!
Next, a URL-List is created;
url-list "list1"
heading "Available Pages"
url-text "Home Page" url-value "books.durable.com"
!
For thin-client connections, a port-forwarding list is created.
!
port-forward "Ports"
local-port 3065 remote-server "TELNET" remote-port 23 description "telnet"
!
The pieces are tied together using the policy group command.
!
policy group SSLVPN
url-list "list1"
port-forward "Ports"
banner "Login Successful"
timeout idle 300
timeout session 3600
!
Next we set the default group policy, the AAA authentication list and add a gateway to the context.
default-group-policy SSLVPN
aaa authentication list VPN
gateway GATE
inservice
!
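An added example, not part of the original post: a small Python check that the pieces configured above actually reference each other (policy group to url-list and port-forward, context to policy group, AAA list and gateway), that the gateway and context are inservice, and whether the gateway still relies on the self-signed certificate. The names audit_webvpn and SAMPLE (text constructed from the commands in this post) and the rule that a "!" line ends a policy group are assumptions of this example.

```python
import re

# Constructed input: the commands from this post as one flat configuration.
SAMPLE = """aaa authentication login VPN local
webvpn gateway GATE
inservice
webvpn context SSL
url-list "list1"
port-forward "Ports"
policy group SSLVPN
url-list "list1"
port-forward "Ports"
!
default-group-policy SSLVPN
aaa authentication list VPN
gateway GATE
inservice
"""
DEFS = {r"aaa authentication login (\S+)": "aaa", r"policy group (\S+)": "policy",
        r"webvpn gateway (\S+)": "gateway", r"webvpn context (\S+)": "context"}
REFS = {r"default-group-policy (\S+)": "policy", r"gateway (\S+)": "gateway",
        r"aaa authentication list (\S+)": "aaa"}

def _match(table, line):
    return next(((kind, m[1]) for pat, kind in table.items()
                 if (m := re.match(pat, line))), None)

def audit_webvpn(config):
    """Return findings for a flat IOS webvpn configuration (assumed layout)."""
    defined, refs, flags = set(), set(), set()
    top, in_policy = None, False   # current webvpn block; inside a policy group?
    for line in map(str.strip, config.splitlines()):
        if d := _match(DEFS, line):
            defined.add(d)
            in_policy = d[0] == "policy"
            top = d if d[0] in ("gateway", "context") else top
        elif r := _match(REFS, line):
            refs.add(r)
        elif m := re.match(r'(url-list|port-forward) "([^"]+)"', line):
            (refs if in_policy else defined).add((m[1], m[2]))
        elif line.startswith("!"):   # assumption: "!" ends a policy group
            in_policy = False
        elif line == "inservice" or line.startswith("ssl trustpoint"):
            flags.add((line.split()[0], top))
    tops = sorted(d for d in defined if d[0] in ("gateway", "context"))
    out = [f"undefined {k} {n}" for k, n in sorted(refs - defined)]
    out += [f"{t[0]} {t[1]} not inservice" for t in tops if ("inservice", t) not in flags]
    out += [f"gateway {t[1]} has no ssl trustpoint (self-signed certificate)"
            for t in tops if t[0] == "gateway" and ("ssl", t) not in flags]
    return out
```

Run against the configuration from this post, it reports only the self-signed certificate; a policy group that names a url-list or port-forward list that was never created shows up as an "undefined" finding.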
TESTING
I prefer to test with the end user - Here are some snapshots.
After successful authentication, we have;
When you click start, you have;
Finally, let's try to telnet to localhost port 3065
Just as we want it :-)
Up Next: Anyconnect :-)
Ciao.
Amplebrain.
Thursday, August 20, 2009
I’ve found your blog today. I think you might be open to new software suggestions and I just want to mention that we have a new FREE small tool for desktop and application sharing:
SupportSmith TeamUp! Lite
http://www.supportsmith.com/teamuplite.aspx
It allows you to work with any other TeamUp! Lite user sharing a single application or the whole desktop in just three steps:
1. Select item to share.
2. Enter peer Domain\Name.
3. Send invitation to share.
:D
I wish you could take a look on it.
Have a nice day!
You could also try RHUB http://www.rhubcom.com, Remote Access appliance. Unlike online hosted solutions, it provides much more security for it provides the ultimate protection of your own firewall; in addition access is controlled by means of IP addresses too, which adds extra security. So, you don’t even need a VPN.