This mode is useful for accessing most content that you would expect to access in a web browser, such as Internet access, databases, and online tools that employ a web interface. For more information about licensing, see the bulletin Cisco IOS SSL VPN Licensing Information. Entering a context name displays more detailed information, such as the operational status and specific configuration information for the named context.
A defined ACL can be overridden by an individual user when the user logs on to the gateway (using AAA policy attributes). A user can choose when to start the tunnel connection by configuring the functions svc-enabled command.
12-5 SSL VPNs & Tunneling Protocols - Free CCNA Study Guide
The SSL VPN context defines the virtual configuration of the SSL VPN. The policy group is a container that defines the presentation of the portal and the permissions for resources that are configured for a group of remote users. The range of addresses must fall under the subnet mask configured in Step 1. This feature allows a user to bookmark URLs while connected through an SSL VPN tunnel. The latest versions of the CSD and Cisco AnyConnect VPN Client software client packages should be installed for distribution on the SSL VPN gateway. Microsoft Outlook Express versions 5.5 and 6.0 have been tested.
To obfuscate, or mask, sensitive portions of an enterprise URL, such as IP addresses, hostnames, or port numbers, use the mask-urls command in webvpn group policy configuration mode. The following example enables file share access with server-browse and file-modify permission. To remove Citrix support from the policy group configuration, use the no form of this command. The following example configures a hostname for an SSL VPN gateway. Enters webvpn configuration mode to configure the SSL VPN context. Microsoft file shares can be accessed through the browser on a Linux system that is configured to run Samba. Name of the address pool that is configured using the ip local pool command. To remove a directory that has been configured, use the no form of this command. To configure the dead peer detection (DPD) timer value for the gateway or client, use the svc dpd-interval command in webvpn group policy configuration mode.
To enter webvpn context configuration mode to configure the Secure Sockets Layer Virtual Private Network (SSL VPN) context, use the webvpn context command in global configuration mode. The following example, starting in global configuration mode, configures port forwarding for well-known e-mail application port numbers. Enters webvpn port-forward list configuration mode to configure a port-forwarding list. To attach a port-forwarding list to a policy group configuration, use the port-forward command in webvpn group policy configuration mode. The remote port number is the well-known port to which the application listens. Clientless Citrix support allows the remote user to run Citrix-enabled applications through the SSL VPN as if the application were locally installed (similar to traditional thin-client computing). For information about setting various elements of the login page, see the document Cisco IOS Security Command Reference, Release 12.4T, for the logo, title, title-color, login-message, text-color, secondary-color, login-photo, and color commands.
The virtual hostname is configured with the gateway command in webvpn context configuration mode. Before configuring this command, ensure that the AAA accounting list has already been configured under global configuration. To enter webvpn gateway configuration mode to configure an SSL VPN gateway, use the webvpn gateway command in global configuration mode. We recommend that you use a separate AAA server, such as a Cisco Access Control Server (ACS). To configure the Cisco logo to be displayed, use the no form of this command. The information published excludes information on specific individuals. You can work around this error by performing the following steps. This section lists RADIUS attribute-value (AV) pair information introduced to support SSL VPN. To remove the SSL VPN configuration from the router configuration file, use the no form of this command.
Configures a message for a user login text box on the login page. Displays the Virtual Private Network (VPN) routing and forwarding (VRF)—if configured—that is associated with the context configuration. Specifies a list or method for SSL VPN remote-user authentication.
If the command is not used to attach a CIFS server URL list to a policy group, then a URL list is not attached to a group policy. Defines an SSL VPN gateway and enters webvpn gateway configuration mode. The SSL VPN gateway acts as a proxy for connections to protected resources. The following example configures a connection to an MSIE proxy server through an IP address and port number. To associate an ACL attribute with a policy group, perform the following steps. Enables AAA accounting when you are using RADIUS for SSL VPN sessions. The steps in this configuration task show how to configure a URL list.
This command is used to attach an SSL VPN gateway to an SSL VPN context configuration. That link is for site-to-site VPN tunnel, this link is for setting up SSL-VPN using NetExtender, which is. Output information was added for Cisco Express Forwarding (CEF). Only one FVRF can be associated with each SSL VPN context configuration. Enters SSL VPN configuration mode to configure the SSL VPN context.
Note: All SSL VPN attributes (except for the standard IETF RADIUS attributes) start with webvpn: as follows. When port forwarding is enabled, the hosts file on the SSL VPN client is modified to map the application to the port number configured in the forwarding list. The message in the pop-up box is configured using the banner command. Displays information for all context configurations with which the policy group is associated.
This feature provides administrators with the option of automatically downloading the port-forwarding applet under the policy group. Use this command following the acl command (in webvpn context configuration mode) to specify conditions under which a packet can pass the named access list. Before configuring the ACL rules, you must have first configured the time range using the time-range command (this prerequisite is in addition to optionally configuring the time range, in the task table below, as part of the permit or deny entries). To configure URL obfuscation, masking, for a policy group, perform the following steps. Sets the maximum number of retries before SSO authentication fails. The following output example displays information about an SSO server configured for a policy group. Omitting this command from the SSL VPN context configuration causes the SSL VPN gateway to use global authentication parameters by default.
The time-range keyword allows you to identify a time range by name. Lisa Phifer examines how SSL VPNs match up with their older IPSec cousins.