Cisco SSL VPN Configuration (easy / simple example)

Currently I’m busy finding out how to optimize a Cisco SSL VPN configuration. First I needed to know how I should configure my router. I knew some former colleagues had made such a configuration for a customer, which I knew worked.

So now I’m posting one of my own, which I can now use more easily during my work.

interface Loopback252
 description Cisco SSL VPN Client for WebVPN
 ip address < loopback address / subnet mask >
 ip flow ingress
 ip route-cache same-interface
 ip route-cache policy

ip local pool ILP_WVPN_CLIENT < dhcp pool for the ssl vpn client >

webvpn gateway WVG_WEBVPN
 ip address < external router ip address > port 443
 http-redirect port 80
 ssl trustpoint < your certificate >
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
webvpn context Default_context
 ssl authenticate verify all
 no inservice
webvpn context webvpn
 title "Site Title"
 logo file flash://webvpn/< logo file .jpg or .gif >
 color Black
 secondary-color Black
 title-color Black
 ssl authenticate verify all
 url-list "URL_<name>"
 nbns-list "NBL_<name>"
  nbns-server < your dns server > master
  nbns-server < your second dns server > timeout 10 retries 5
 login-message "< Sign in message >"
 policy group PGR_WEBVPN
  url-list "URL_<name>"
  nbns-list "NBL_<name>"
  functions svc-enabled
  banner "< your welcome banner text >"
  svc address-pool "ILP_WVPN_CLIENT"
  svc default-domain "< your domain name >"
  svc keep-client-installed
  svc split dns "< your domain name >"
  svc split include < internal LAN address / subnet address >
  svc dns-server primary < your dns server >
  svc dns-server secondary < your secondary dns server >
  svc wins-server primary < your wins server >
  svc wins-server secondary < your secondary wins server >
 default-group-policy PGR_WEBVPN
 aaa authentication list WVPN
 gateway WVG_WEBVPN domain webvpn
 logging enable

ip http server
ip http secure-server

And if you use IPS signatures, you should deny the inspection on your VPN traffic!
