17-8

Chapter 17 Configuring Virtual Private Networks

Sample IOS configuration summary

ip address 10.89.79.140 port 443

!ssl configuration

ssl encryption aes128-sha1

ssl trustpoint iosrcdnvpn-cert inservice

!webvpn context for User and Password authentication webvpn context UserPasswordContext

title "User-Password authentication" ssl authenticate verify all

policy group UserPasswordGroup functions svc-enabled hide-url-bar

timeout idle 3600

svc address-pool "webvpn-pool"

svc default-domain "nw048b.cisco.com"

svc split include 10.89.75.0 255.255.255.0 svc dns-server primary 64.101.128.56

svc dtls

default-group-policy UserPasswordGroup gateway VPN_RCDN_IOS domain UserPasswordVPN inservice

!webvpn context for Certificate (username pre-filled) and Password authentication webvpn context CertPasswordContext

title "certificate plus password" ssl authenticate verify all

policy group CertPasswordGroup functions svc-enabled hide-url-bar

timeout idle 3600

svc address-pool "webvpn-pool"

svc default-domain "nw048b.cisco.com" svc dns-server primary 64.101.128.56 svc dtls

default-group-policy CertPasswordGroup gateway VPN_RCDN_IOS domain CertPasswordVPN authentication certificate aaa username-prefill

ca trustpoint CiscoMfgCert inservice

!webvpn context for certificate only authentication

webvpn context CertOnlyContext

title "Certificate only authentication" ssl authenticate verify all

policy group CertOnlyGroup

			functions svc-enabled
			hide-url-bar
			timeout idle 3600
			svc address-pool "webvpn-pool"
			svc default-domain "nw048b.cisco.com"
			svc dns-server primary 64.101.128.56
			svc dtls
			default-group-policy CertOnlyGroup
			gateway VPN_RCDN_IOS domain CertOnlyVPN
			Cisco Unified Communications Manager Security Guide
			Cisco Unified Communications Manager Security Guide

	17-8		OL-24124-01
	17-8		OL-24124-01

Cisco Systems OL-24124-01 manual 17-8