Simplified Networking

IOS SSLVPN

Clientless SSLVPN configured on IOS24.

interface GigabitEthernet0/3
 ip address dhcp
!
aaa new-model
aaa authentication login SSL local
aaa session-id common
username cisco password 0 cisco
!
webvpn gateway WEBGW
 ip interface GigabitEthernet0/3 port 8443
 ssl trustpoint TP-self-signed-4294967295
 logging enable
 inservice
 !
webvpn context WEB_CONTEXT
 aaa authentication list SSL
 gateway WEBGW
 !
 ssl authenticate verify all
 inservice
 !
 policy group POLICY
 default-group-policy POLICY
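
A quick audit of the configuration above, as an added example that is not part of the original lab: it splits the config into sections and reports the cleartext (type 0) password, the self-signed trustpoint, and any webvpn section without `logging enable`. The function names and finding texts are assumptions made for this sketch.

```python
import re

# WebVPN-related lines of the running-config shown above, embedded to run offline.
CONFIG = """\
username cisco password 0 cisco
!
webvpn gateway WEBGW
 ip interface GigabitEthernet0/3 port 8443
 ssl trustpoint TP-self-signed-4294967295
 logging enable
 inservice
webvpn context WEB_CONTEXT
 aaa authentication list SSL
 gateway WEBGW
 ssl authenticate verify all
 inservice
 policy group POLICY
 default-group-policy POLICY
"""

def sections(config):
    """Map each top-level line to the indented lines beneath it."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # skip blank lines and '!' separators
        if raw[0] != " ":
            current = raw.strip()
            out[current] = []
        elif current is not None:
            out[current].append(raw.strip())
    return out

def audit(config):
    """Return human-readable findings for the weaknesses this lab config shows."""
    findings = []
    for head, body in sections(config).items():
        m = re.match(r"username (\S+) password 0 ", head)
        if m:
            findings.append(f"user {m.group(1)}: password stored in cleartext (type 0)")
        if head.startswith("webvpn "):
            name = head.split()[-1]
            if any(l.startswith("ssl trustpoint TP-self-signed") for l in body):
                findings.append(f"{name}: self-signed trustpoint, browsers cannot validate it against a trusted CA")
            if "logging enable" not in body:
                findings.append(f"{name}: no 'logging enable' in this section")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

The third finding lines up with the `show webvpn context` output, which reports "Error and Event Logging: Disabled" for WEB_CONTEXT.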

IOS24#show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/3         10.255.1.32     YES DHCP   up                    up      

%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up


IOS24#show webvpn gateway 
Gateway Name: SSLVPN
Admin Status: down
Operation Status: down
Error and Event Logging: Disabled
GW IP address not configured
Not associated with any trustpoint
FVRF Name not configured

Gateway Name: WEBGW
Admin Status: up
Operation Status: up
Error and Event Logging: Enabled
IP: 10.255.1.32, port: 8443
SSL Trustpoint: TP-self-signed-4294967295
FVRF Name not configured


IOS24#show webvpn context 
Context Name: WEB_CONTEXT
Admin Status: up
Operation Status: up
Error and Event Logging: Disabled
CSD Status: Disabled
Certificate authentication type: All attributes (like CRL) are verified
AAA Authentication List not configured
AAA Authorization List not configured
AAA Accounting List not configured
AAA Authentication Domain not configured
Authentication mode: AAA authentication
Default Group Policy: POLICY
Associated WebVPN Gateway: WEBGW
Domain Name and Virtual Host not configured
Maximum Users Allowed: 1000 (default)
NAT Address not configured
VRF Name not configured
Virtual Template not configured


Open a web browser and use the following:
https://10.255.1.32:8443

The web browser should present the gateway's login page.
Log in with the credentials "cisco" and "cisco".


%SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.255.1.110:51754
%SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 10.255.1.110:51756
%SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.255.1.110:51766
%SSLVPN-5-SSL_TLS_ERROR: vw_ctx: WEB_CONTEXT vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 10.255.1.110:51754
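
The gateway messages above can be summarized per remote address to separate a client with mixed results from a source that only ever produces TLS errors. This is an added example, not part of the original lab; the 192.0.2.50 lines, the function names and the `min_errors` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# The first four lines are the router messages shown above; the 192.0.2.50
# lines are constructed for this example.
SAMPLE = """\
%SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.255.1.110:51754
%SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 10.255.1.110:51756
%SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.255.1.110:51766
%SSLVPN-5-SSL_TLS_ERROR: vw_ctx: WEB_CONTEXT vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 10.255.1.110:51754
%SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 192.0.2.50:40001
%SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 192.0.2.50:40002
%SSLVPN-5-SSL_TLS_ERROR: vw_ctx: UNKNOWN vw_gw: WEBGW i_vrf: 0 f_vrf: 0 status: SSL/TLS connection error with remote at 192.0.2.50:40003
"""

LINE_RE = re.compile(
    r"%SSLVPN-\d-(?P<event>SSL_TLS_CONNECT_OK|SSL_TLS_ERROR): "
    r"vw_ctx: (?P<ctx>\S+) vw_gw: (?P<gw>\S+) .*"
    r"remote at (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*$"
)

def parse(text):
    """Return one dict per recognised SSLVPN TLS message; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.search, text.splitlines()) if m]

def summarize(events):
    """Count successes and errors per (gateway, remote IP)."""
    stats = defaultdict(lambda: {"ok": 0, "error": 0})
    for ev in events:
        key = "ok" if ev["event"] == "SSL_TLS_CONNECT_OK" else "error"
        stats[(ev["gw"], ev["ip"])][key] += 1
    return dict(stats)

def error_only_sources(stats, min_errors=3):
    """Remote IPs with at least min_errors TLS errors and no successful handshake."""
    return sorted(ip for (gw, ip), s in stats.items()
                  if s["ok"] == 0 and s["error"] >= min_errors)

if __name__ == "__main__":
    stats = summarize(parse(SAMPLE))
    for (gw, ip), s in sorted(stats.items()):
        print(f"{gw} {ip}: ok={s['ok']} error={s['error']}")
    print("review:", error_only_sources(stats))
```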



IOS24#show webvpn session context all
WebVPN context name: WEB_CONTEXT
Client_Login_Name  Client_IP_Address  No_of_Connections  Created  Last_Used
cisco              10.255.1.110               3         00:00:50  00:00:49  



IOS24#show webvpn session user cisco context all
Session Type      : Clientless
Client User-Agent : Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:69.0) Gecko/2010

Username          : cisco                Num Connection : 3                   
Public IP         : 10.255.1.110         VRF Name       : None                
Context           : WEB_CONTEXT          Policy Group   : POLICY              
Last-Used         : 00:00:57             Created        : *08:11:58.940 UTC Sun Sep 22 2019
Session Timeout   : Disabled             Idle Timeout   : 2100                
Citrix            : Disabled             Citrix Filter  : None                
Client Ports      : 51755 51768 51769 