Cisco Systems 6500 Help, No session-cache enable, Session-cache size size, Version all ssl3 tls1

Page 105

Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

webvpn policy ssl

Table 2-10 SSL-Policy Configuration Submode Command Descriptions (continued)

exit

Exits from SSL-policy configuration submode.

 

 

help

Provides a description of the interactive help system.

 

 

[no] session-cache enable

Allows you to enable the session-caching feature. Use the no form of this

 

command to disable session-caching.

 

 

session-cache size size

Specifies the maximum number of session entries to be allocated for a given

 

service; valid values are from 1 to 262143 entries.

 

 

timeout handshake timeout

Allows you to configure the amount of time that the module keeps the

 

connection in handshake phase; valid values are from 0 to 65535 seconds.

 

 

timeout session timeout [absolute]

Allows you to configure the session timeout. The syntax description is as

 

follows:

 

timeout—Session timeout; valid values are from 0 to 72000 seconds.

 

absolute— (Optional) The session entry is not removed until the

 

configured timeout has completed.

 

 

tls-rollback [current any]

Allows you to specify if the SSL protocol version number in the TLS/SSL

 

premaster secret message is either the maximum version or the negotiated

 

version (current), or if the version is not checked (any).

 

 

version {all ssl3 tls1}

Allows you to set the version of SSL to one of the following:

 

all—Both SSL3 and TLS1 versions are used.

 

ssl3—SSL version 3 is used.

 

tls1—TLS version 1 is used.

 

 

You can define the SSL policy templates using the ssl-proxy policy ssl ssl-policy-namecommand and associate an SSL policy with a particular proxy server using the proxy server configuration CLI. The SSL policy template allows you to define various parameters that are associated with the SSL handshake stack.

When you enable close-notify, a close-notify alert message is sent to the client and a close-notify alert message is expected from the client as well. When disabled, the server sends a close-notify alert message to the client; however, the server does not expect or wait for a close-notify message from the client before tearing down the session.

The cipher-suite names follow the same convention as the existing SSL stacks.

The cipher-suites that are acceptable to the proxy-server are as follows:

RSA_WITH_3DES_EDE_CBC_SHA— RSA with 3des-sha

RSA_WITH_DES_CBC_SHA—RSA with des-sha

RSA_WITH_RC4_128_MD5—RSA with rc4-md5

RSA_WITH_RC4_128_SHA—RSA with rc4-sha

all—All supported ciphers

If you enter the timeout session timeout absolute command, the session entry is kept in the session cache for the configured timeout before it is cleaned up. If the session cache is full, the timers are active for all the entries, the absolute keyword is configured, and all further new sessions are rejected.

 

 

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1

 

 

 

 

 

 

OL-7310-01

 

 

2-105

 

 

 

 

 

Page 104 Page 106
Image 105
Page 104 Page 106
Contents Commands for the Catalyst 6500 Series Switch WebVPN Module Command Modes Command History DefaultsClear webvpn nbns Release ModificationClear webvpn platform Webvpn# clear webvpn platform Clears the statistics for a specific context Clear webvpn sessionUser name Specifies the user nameCifs Clear webvpn statsMangle Port-forwardTerminal Crypto key export rsa pemUrl url 3desKey nametest-keys UsageGeneral Purpose Key General-keys Crypto key generateUsage-keys ExportableThis example shows how to generate special-usage RSA keys This example shows how to generate general-purpose RSA keysCrypto key generate rsa usage-keys Release Modification Crypto key import rsa pemPEM-formatted RSA key to the WebVPN Services Module Crypto pki authenticate trustpoint-label Crypto pki authenticateCrypto pki certificate Defaults Command Modes Command History Usage GuidelinesWwbvpnconfig# crypto pki crl request Crypto pki crl requestCrypto pki crl request name Webvpnconfig# crypto pki enroll PROXY1 This example shows how to request a certificateCrypto pki enroll Crypto pki enroll trustpoint-labelCrypto pki export pem Related Commands crypto pki import pem Crypto pki export pkcs12 Wwbvpnconfig# crypto ca export TP1 pkcs12 scp sky is blue This example shows how to export a PKCS12 file using SCPInclude the full path in the pkcs12filename value PKCS12 fileCrypto pki import pem Usage Guidelines Examples Related Commands crypto pki export pemCrypto pki import pkcs12 Users/admin-1/pkcs12/TP2.p12 This example shows how to import a PKCS12 file using SCPWebvpnconfig# crypto pki profile enrollment test Crypto pki profile enrollmentCrypto pki profile enrollment label Crypto pki trustpoint Command Purpose and Guidelines Defaults Period minutes-1 Enrollment http-proxymode ra retryPeriod minutes count count url url Count count-10Password password Certificate map mapname commandMatch certificate mapname map override SkipSubject-name line Usage ike ssl-client ssl-serverVrf vrf Debug webvpn Trace module module- FDU trace Event app next-hop tcp-Event debuggingCa-pool- CA Pool Cert- Certificate managementEvents- Events This example shows how to turn on tunnel debugging Usage Guidelines Nbns-list name no nbns-list name Nbns-listMaster timeout Nbns-server ipaddrExit Policy group Banner value stringFilter tunnel ip-acl Timeout idle Functions file-accessHide-url-bar Nbns-list nameWebvpnconfig-webvpn-group#svc address-pool ciscotunlpool Webvpnconfig# webvpn context ciscoSpecifies the default local port valid values are from 1 to Default local-portPort-forward Port-forward listname no port-forward listnameWebvpn context Related Commands url-listShow webvpn context Show webvpn context nameWebvpn# show web context tunnel Show webvpn dispatch algorithm member stats Show webvpn dispatchAlgorithm MemberSslvpn CLB Member Table Show webvpn gateway Webvpn# show webvpn gateway s1 Admin Status upShow webvpn gateway name Webvpn# show webvpn gatewayFile Show webvpn installCsd StatusWebvpn# show web install file \webvpn\stc\version.txt Show webvpn nbns context name all Show webvpn nbnsAll Show web nbns context allShow webvpn platform buffers Show webvpn-platform buffers module moduleShow webvpn-platform buffers module all Show webvpn platform context Show webvpn platform context name module moduleWebvpn# show webvpn platform context tunnel OL-7310-01 Show webvpn platform crash-info brief details Show webvpn platform crash-infoBrief DetailsNvram Version This Core Didnt Crash Show webvpn platform gateway name debug module module Show webvpn platform gatewayDebug Module moduleVlan ID Show webvpn platform mac address This command has no default settingsShow webvpn platform mac address ModuleShow webvpn platform policy ssl tcp name Show webvpn platform policySsl TcpShow webvpn platform version Show webvpn platform versionWebvpn# show webvpn platform version Show webvpn platform vlan Show webvpn platform vlan vlan-idWebvpn# show webvpn platform vlan Show webvpn policy Related Commands webvpn policy sslGroup name Context name TcpContext name Show webvpn sessionUser name Webvpn# show webvpn session context c1Show webvpn stats Show webvpn stats typeWebvpn# show webvpn stats Mangling statistics Relative urls 15705 Absolute urls 41850 DPD Page TCP VCs Active VCs Aborted Conns Webvpn# show web stats context tunnel DPD Snmp-server enable This example shows how to enable Snmp informs This example shows how to enable trapsThis example shows how to enable authentication traps Command History Release Modification Command Modes WebVPN group context submodeSvc Dns-server primary secondaryCommand Purpose and Guidelines Default No rekey method Rekey method new-tunnel sslRekey time interval No rekey timeUrl-list listname no url-list listname Url-listHeading text Url-text text url-value url/exchageRelated Commands webvpn context Specifies AAA configuration parameters for context Aaa authentication domain domain-listDefault-group-policy default-policy-name Webvpn contextLogin-message string InserviceNo login-message Password-prompt promptAuthenticate verify -Specifies the SSL Ssl authenticate verify all nonePolicy group policy-name Policy ssl policy-nameUrl-list listname Vrf-name vrf-nameColor Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Webvpnconfig-webvpn-context# url-list cisco 100 Webvpn gateway Secondary No policy tcpNo policy ssl Webvpnconfig# webvpn gateway common Webvpnconfig-webvpn-gateway#ip address 172.21.65.71 portContext and enter the gateway submode Webvpn policy ssl Timeout handshake timeout No session-cache enableTimeout session timeout absolute HelpThis example shows how to disable session-cache This example shows how to enable session-cacheWwbvpnconfig# webvpn policy ssl sslpl1 Wwbvpnconfig-ssl-policy#cipher RSAWITH3DESEDECBCSHAThis example shows how to print out a help Related Commands show webvpn statsWwbvpnconfig-ssl-policy#timeout session 30000 absolute Timeout reassembly is 60 seconds Tos carryover is disabled Timeout syn is 75 secondsDefault Exit Webvpn policy tcpDelay-ack-timeout Delayed-ack-thresholdNo timeout fin-wait timeout-in-seconds No timeout inactivity timeout-in-secondsForm of this command to return to the default setting No timeout reassembly timeNo tos carryover Server to client connection, the server connection must be111 112
Related manuals
Manual 20 pages 62.17 Kb Manual 160 pages 24.26 Kb Manual 262 pages 31.67 Kb
Top Page Image Contents