Enrollment http-proxymode ra retry, Exit | Cisco Systems 6500

Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

crypto pki trustpoint

Table 2-1 Certiﬁcate-Authority Trustpoint Submode Commands (continued)

Command	Purpose and Guidelines	Defaults

enrollment [http-proxy][mode ra] [retry	Specifies the enrollment parameters for your	period minutes—1
{period minutes count count} ] url url	certificate authority as follows:	count count—10
		count count—10
	• http-proxy—HTTP proxy server for
	enrollment.
	• mode ra—Registration authority mode.
	• retry count count— How many times to poll
	the CA for the certificate; valid values for
	count are 1 to 100.
	• retry period minutes—How long to wait
	between requests to the CA for the certificate;
	valid values for minutes are 1 to 60.
	• url url—A URL or one of the following:
	– archive:—Enrolls using archive: file
	system.
	– flash:—Enrolls using flash: file system.
	– ftp:—Enrolls using ftp: file system.
	– http:—Enrolls using http: file system.
	– https:—Enrolls using https: file system.
	– null:—Enrolls using null: file system.
	– nvram:—Enrolls using nvram: file
	system.
	– rcp:—Enrolls using rcp: file system.
	– scp:—Enrolls using scp: file system.
	– system:—Enrolls using system: file
	system.
	– tftp:—Enrolls using tftp: file system.

exit	Exits the ca-trustpoint configuration mode.

fqdn {fqdn none}	Includes the fully qualified domain name.
	fqdn—Enter the fully qualified domain name.
	none—Do not include the fully qualified domain
	name.

ip-addressserver-ip-addr	(Optional) Specifies the IP address of the
	WebVPN gateway that will use this certificate.

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1

2-28	OL-7310-01

Image 28

Cisco Systems 6500 manual Enrollment http-proxymode ra retry, Period minutes-1, Period minutes count count url url, Exit

Contents

Commands for the Catalyst 6500 Series Switch WebVPN Module Defaults Command Modes Command HistoryClear webvpn nbns Release Modification Clear webvpn platform Webvpn# clear webvpn platform Clear webvpn session Clears the statistics for a specific contextUser name Specifies the user name Clear webvpn stats CifsMangle Port-forward Crypto key export rsa pem TerminalUrl url 3des Key nametest-keys UsageGeneral Purpose Key Crypto key generate General-keysUsage-keys Exportable This example shows how to generate general-purpose RSA keys This example shows how to generate special-usage RSA keysCrypto key generate rsa usage-keys Crypto key import rsa pem Release Modification PEM-formatted RSA key to the WebVPN Services Module Crypto pki authenticate Crypto pki authenticate trustpoint-label Defaults Command Modes Command History Usage Guidelines Crypto pki certificate Crypto pki crl request Wwbvpnconfig# crypto pki crl requestCrypto pki crl request name This example shows how to request a certificate Webvpnconfig# crypto pki enroll PROXY1Crypto pki enroll Crypto pki enroll trustpoint-label Crypto pki export pem Related Commands crypto pki import pem Crypto pki export pkcs12 This example shows how to export a PKCS12 file using SCP Wwbvpnconfig# crypto ca export TP1 pkcs12 scp sky is blueInclude the full path in the pkcs12filename value PKCS12 file Crypto pki import pem Related Commands crypto pki export pem Usage Guidelines Examples Crypto pki import pkcs12 This example shows how to import a PKCS12 file using SCP Users/admin-1/pkcs12/TP2.p12 Crypto pki profile enrollment Webvpnconfig# crypto pki profile enrollment testCrypto pki profile enrollment label Crypto pki trustpoint Command Purpose and Guidelines Defaults Enrollment http-proxymode ra retry Period minutes-1Period minutes count count url url Count count-10 Certificate map mapname command Password passwordMatch certificate mapname map override Skip Usage ike ssl-client ssl-server Subject-name lineVrf vrf Debug webvpn Event app next-hop tcp-Event debugging Trace module module- FDU trace Cert- Certificate management Ca-pool- CA PoolEvents- Events This example shows how to turn on tunnel debugging Usage Guidelines Nbns-list Nbns-list name no nbns-list name Nbns-server ipaddr Master timeoutExit Banner value string Policy groupFilter tunnel ip-acl Functions file-access Timeout idleHide-url-bar Nbns-list name Webvpnconfig# webvpn context cisco Webvpnconfig-webvpn-group#svc address-pool ciscotunlpool Default local-port Specifies the default local port valid values are from 1 toPort-forward Port-forward listname no port-forward listname Related Commands url-list Webvpn context Show webvpn context name Show webvpn contextWebvpn# show web context tunnel Show webvpn dispatch Show webvpn dispatch algorithm member statsAlgorithm Member Sslvpn CLB Member Table Webvpn# show webvpn gateway s1 Admin Status up Show webvpn gatewayShow webvpn gateway name Webvpn# show webvpn gateway Show webvpn install FileCsd Status Webvpn# show web install file \webvpn\stc\version.txt Show webvpn nbns Show webvpn nbns context name allAll Show web nbns context all Show webvpn-platform buffers module module Show webvpn platform buffersShow webvpn-platform buffers module all Show webvpn platform context name module module Show webvpn platform contextWebvpn# show webvpn platform context tunnel OL-7310-01 Show webvpn platform crash-info Show webvpn platform crash-info brief detailsBrief Details Nvram Version This Core Didnt Crash Show webvpn platform gateway Show webvpn platform gateway name debug module moduleDebug Module module Vlan ID This command has no default settings Show webvpn platform mac addressShow webvpn platform mac address Module Show webvpn platform policy Show webvpn platform policy ssl tcp nameSsl Tcp Show webvpn platform version Show webvpn platform versionWebvpn# show webvpn platform version Show webvpn platform vlan vlan-id Show webvpn platform vlanWebvpn# show webvpn platform vlan Related Commands webvpn policy ssl Show webvpn policyGroup name Context name Tcp Show webvpn session Context nameUser name Webvpn# show webvpn session context c1 Show webvpn stats type Show webvpn statsWebvpn# show webvpn stats Mangling statistics Relative urls 15705 Absolute urls 41850 DPD Page TCP VCs Active VCs Aborted Conns Webvpn# show web stats context tunnel DPD Snmp-server enable This example shows how to enable traps This example shows how to enable Snmp informsThis example shows how to enable authentication traps Command Modes WebVPN group context submode Command History Release ModificationSvc Dns-server primary secondary Command Purpose and Guidelines Default Rekey method new-tunnel ssl No rekey methodRekey time interval No rekey time Url-list Url-list listname no url-list listnameHeading text Url-text text url-value url/exchage Related Commands webvpn context Aaa authentication domain domain-list Specifies AAA configuration parameters for contextDefault-group-policy default-policy-name Webvpn context Inservice Login-message stringNo login-message Password-prompt prompt Ssl authenticate verify all none Authenticate verify -Specifies the SSLPolicy group policy-name Policy ssl policy-name Vrf-name vrf-name Url-list listnameColor Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Webvpnconfig-webvpn-context# url-list cisco 100 Webvpn gateway No policy tcp SecondaryNo policy ssl Webvpnconfig-webvpn-gateway#ip address 172.21.65.71 port Webvpnconfig# webvpn gateway commonContext and enter the gateway submode Webvpn policy ssl No session-cache enable Timeout handshake timeoutTimeout session timeout absolute Help This example shows how to enable session-cache This example shows how to disable session-cacheWwbvpnconfig# webvpn policy ssl sslpl1 Wwbvpnconfig-ssl-policy#cipher RSAWITH3DESEDECBCSHA Related Commands show webvpn stats This example shows how to print out a helpWwbvpnconfig-ssl-policy#timeout session 30000 absolute Timeout syn is 75 seconds Timeout reassembly is 60 seconds Tos carryover is disabledDefault Exit Webvpn policy tcp Delayed-ack-threshold Delay-ack-timeoutNo timeout fin-wait timeout-in-seconds No timeout inactivity timeout-in-seconds No timeout reassembly time Form of this command to return to the default settingNo tos carryover Server to client connection, the server connection must be 111 112