Chapter 17 Configuring Virtual Private Networks

Sample IOS configuration summary

ip address 10.89.79.140 port 443

!ssl configuration

ssl encryption aes128-sha1

ssl trustpoint iosrcdnvpn-cert inservice

!

!webvpn context for User and Password authentication webvpn context UserPasswordContext

title "User-Password authentication" ssl authenticate verify all

!

!

policy group UserPasswordGroup functions svc-enabled hide-url-bar

timeout idle 3600

svc address-pool "webvpn-pool"

svc default-domain "nw048b.cisco.com"

svc split include 10.89.75.0 255.255.255.0 svc dns-server primary 64.101.128.56

svc dtls

default-group-policy UserPasswordGroup gateway VPN_RCDN_IOS domain UserPasswordVPN inservice

!

!

!webvpn context for Certificate (username pre-filled) and Password authentication webvpn context CertPasswordContext

title "certificate plus password" ssl authenticate verify all

!

!

policy group CertPasswordGroup functions svc-enabled hide-url-bar

timeout idle 3600

svc address-pool "webvpn-pool"

svc default-domain "nw048b.cisco.com" svc dns-server primary 64.101.128.56 svc dtls

default-group-policy CertPasswordGroup gateway VPN_RCDN_IOS domain CertPasswordVPN authentication certificate aaa username-prefill

ca trustpoint CiscoMfgCert inservice

!

!

!webvpn context for certificate only authentication

webvpn context CertOnlyContext

title "Certificate only authentication" ssl authenticate verify all

!

!

policy group CertOnlyGroup

 

 

 

functions svc-enabled

 

 

 

hide-url-bar

 

 

 

timeout idle 3600

 

 

 

svc address-pool "webvpn-pool"

 

 

 

svc default-domain "nw048b.cisco.com"

 

 

 

svc dns-server primary 64.101.128.56

 

 

 

svc dtls

 

 

 

default-group-policy CertOnlyGroup

 

 

 

gateway VPN_RCDN_IOS domain CertOnlyVPN

 

 

 

Cisco Unified Communications Manager Security Guide

 

 

 

 

 

 

 

 

 

17-8

 

OL-24124-01

 

 

 

 

Page 8
Image 8
Cisco Systems OL-24124-01 manual 17-8