SSL VPN Client (SVC) on IOS Using SDM
Configuration Example
Document ID: 70790
Introduction
Prerequisites
Requirements
Components Used
Network Diagram
Preconfiguration Tasks
Conventions
Background Information
Configure SVC on IOS
Step 1. Install and Enable the SVC Software on the IOS Router
Step 2. Configure a WebVPN Context and WebVPN Gateway with the SDM Wizard
Step 3. Configure the User Database for SVC Users
Step 4. Configure the Resources to Expose to Users
Results
Verify
Procedure
Commands
Troubleshoot
NetPro Discussion Forums − Featured Conversations
Related Information
Introduction
The SSL VPN Client (SVC) provides a full tunnel for secure communications to the corporate internal
network. You can configure access on a user by user basis, or you can create different WebVPN contexts into
which you place one or more users.
SSL VPN or WebVPN technology is supported on these IOS router platforms:
870, 1811, 1841, 2801, 2811, and 2821
2851, 3725, 3745, 3825, 3845, 7200, and 7301
You can configure SSL VPN technology in these modes:
Clientless SSL VPN (WebVPN): Provides a remote client that requires an SSL-enabled Web
browser to access HTTP or HTTPS Web servers on a corporate local-area network (LAN). In
addition, clientless SSL VPN provides access for Windows file browsing through the Common
Internet File System (CIFS) protocol. Outlook Web Access (OWA) is an example of HTTP access.
Thin-Client SSL VPN (Port Forwarding): Provides a remote client that downloads a small
Java-based applet and allows secure access for Transmission Control Protocol (TCP) applications
that use static port numbers. Post Office Protocol version 3 (POP3), Simple Mail Transfer Protocol (SMTP),
Internet Message Access Protocol (IMAP), secure shell (ssh), and Telnet are examples of secure
access. Because files on the local machine change, users must have local administrative privileges to
use this method. This method of SSL VPN does not work with applications that use dynamic port
assignments, such as some file transfer protocol (FTP) applications.
Note: User Datagram Protocol (UDP) is not supported.
SSL VPN Client (SVC Full Tunnel Mode): Downloads a small client to the remote workstation and
allows full secure access to resources on an internal corporate network. You can download the SVC to
a remote workstation permanently, or you can remove the client once the secure session is closed.
This document demonstrates the configuration of a Cisco IOS router for use by an SSL VPN Client.
Prerequisites
Requirements
Ensure that you meet these requirements before you attempt this configuration:
Microsoft Windows 2000 or XP
Web Browser with SUN JRE 1.4 or later or an ActiveX controlled browser
Local administrative privileges on the client
One of the routers listed in the Introduction with an Advanced Security image, 12.4(6)T or later
Cisco Security Device Manager (SDM) version 2.3
If the Cisco SDM is not already loaded on your router, you can obtain a free copy of the software
from Software Download (registered customers only). You must have a CCO account with a service
contract. For detailed information on the installation and configuration of SDM, refer to Cisco Router
and Security Device Manager.
A digital certificate on the router
You can use a persistent self-signed certificate or an external Certificate Authority (CA) to satisfy
this requirement. For more information on persistent self-signed certificates, refer to Persistent
Self-Signed Certificates.
Components Used
The information in this document is based on these software and hardware versions:
Cisco IOS router 3825 series with 12.4(9)T
Security Device Manager (SDM) version 2.3.1
Note: The information in this document was created from devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Network Diagram
This document uses this network setup:
Preconfiguration Tasks
1. Configure the router for SDM. (Optional)
Routers with the appropriate security bundle license already have the SDM application loaded in
flash. Refer to Downloading and Installing Cisco Router and Security Device Manager (SDM) to
obtain and configure the software.
2. Download a copy of the SVC to your management PC.
You can obtain a copy of the SVC package file from Software Download: Cisco SSL VPN Client
(registered customers only). You must have a valid CCO account with a service contract.
3. Set the correct date, time, and time zone, and then configure a digital certificate on the router.
Conventions
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
Background Information
The SVC is initially loaded onto the WebVPN gateway router. Every time the client connects, a copy of the
SVC is dynamically downloaded onto the PC. In order to change this behavior, configure the router to enable
the software to remain permanently on the client computer.
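The CLI form of the two settings described above, as an added example that is not part of the original Cisco document: the package install that SDM performs in Step 1, and the policy group option that leaves the client on the PC after the session closes. The package path and the names EXAMPLE-CONTEXT and EXAMPLE-POLICY are placeholders, and the fragment assumes the WebVPN context and policy group already exist.

```cisco
! Added example; the path and the names in capitals are placeholders,
! not values taken from this document.
!
! Global configuration mode: register the SVC package that was copied to
! flash (the SDM Install button in Step 1 performs the same operation).
webvpn install svc flash:/webvpn/svc.pkg
!
! Existing WebVPN context and policy group (assumed to be already created).
webvpn context EXAMPLE-CONTEXT
 policy group EXAMPLE-POLICY
  ! Allow full tunnel (SVC) mode for users in this group.
  functions svc-enabled
  ! Without this line a copy of the client is downloaded at every
  ! connection; with it the client stays installed on the PC.
  svc keep-client-installed
!
! Privileged EXEC mode: confirm that the package is installed on the gateway.
! show webvpn install status svc
```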
Configure SVC on IOS
In this section, you are presented with the steps necessary to configure the features described in this
document. This example configuration uses the SDM Wizard to enable the operation of the SVC on the IOS
router.
To configure SVC on the IOS router, complete these steps:
1. Install and Enable the SVC Software on the IOS Router
2. Configure a WebVPN Context and WebVPN Gateway with the SDM Wizard
3. Configure the User Database for SVC Users
4. Configure the Resources to Expose to Users
Step 1. Install and Enable the SVC Software on the IOS Router
To install and enable the SVC software on the IOS router, complete these steps:
1. Open the SDM application, click Configure, and then click VPN.
2. Expand WebVPN, and choose Packages.
3. Within the Cisco WebVPN Client Software area, click the Browse button.
The Select SVC location dialog box appears.
4. Click the My Computer radio button, and then click Browse to locate the SVC package on your
management PC.
5. Click OK, and then click the Install button.