Cisco Fire Jumper

Config SSL VPN in CSR 1000v

by

Below is a snippet of config for a SSL VPN in a CSR 1000v

aaa new-model
!
!
aaa authentication login default local
aaa authentication login sslvpn local
aaa authorization console
aaa authorization exec default local
aaa authorization network sslvpn local

crypto pki trustpoint TP-self-signed-3568908477
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3568908477
revocation-check none
rsakeypair TP-self-signed-3568908477
!
!
crypto pki certificate chain TP-self-signed-3568908477
certificate self-signed 01
quit
!

!
username remote password 0 remote
!
crypto ssl proposal sslvpn-proposal
protection rsa-aes128-sha1 rsa-aes256-sha1
!
crypto ssl authorization policy sslvpn-auth-policy
netmask 255.255.255.0
include-local-lan
pool SSL_Client
dns 10.0.0.4
def-domain fusionconsult.local
route set access-list sslvpn-tunnel
timeout idle 2400
timeout session 6000
timeout disconnect 6000
!
crypto ssl policy sslvpn-policy
ssl proposal sslvpn-proposal
pki trustpoint TP-self-signed-3568908477 sign
ip interface GigabitEthernet1 port 443
!
crypto ssl profile sslvpn-profile
match policy sslvpn-policy
aaa authentication user-pass list sslvpn
aaa authorization group user-pass list sslvpn sslvpn-auth-policy
authentication remote user-pass
max-users 100
!
!
crypto vpn anyconnect bootflash:anyconnect-win-3.1.05160-k9.pkg sequence 1
!
!

threat-visibility
!
virtual-service csr_mgmt
ip shared host-interface GigabitEthernet1
!
ip local pool SSL_Client 192.168.10.1 192.168.10.250

no ip http server
no ip http secure-server

ip access-list standard sslvpn-tunnel
permit 10.0.0.0 0.255.255.255

fus-vpn-01#sh cry ssl session
SSL profile name: sslvpn-profile
Client_Login_Name  Client_IP_Address  No_of_Connections  Created  Last_Used
fusionadmin        2.99.54.171                1         00:01:39  00:00:00
fus-vpn-01#sh cry ssl ?
authorization  ssl authorization
diagnose       show sslvpn diagnostic
policy         shows ssl policy
profile        shows ssl profiles
proposal       shows ssl proposal
session        shows ssl session
stats          sslvpn stats

fus-vpn-01#sh cry ssl stats tunnel
SSLVPN Profile name : sslvpn-profile
Tunnel Statistics:
Active connections       : 1
Peak connections         : 2          Peak time                : 02:14:58
Connect succeed          : 7          Connect failed           : 0
Reconnect succeed        : 1          Reconnect failed         : 0
IP Addr Alloc Failed     : 0          VA creation failed       : 0
DPD timeout              : 0
Client
in  CSTP frames          : 3311       in  CSTP control         : 33
in  CSTP data            : 3278       in  CSTP bytes           : 349161
out CSTP frames          : 19         out CSTP control         : 19
out CSTP data            : 46         out CSTP bytes           : 5203
cef in  CSTP data frames : 0          cef in  CSTP data bytes  : 0
cef out CSTP data frames : 0          cef out CSTP data bytes  : 0
Server
In  IP pkts              : 46         In  IP bytes             : 5008
In  IP6 pkts             : 0          In  IP6 bytes            : 0
Out IP pkts              : 3278       Out IP bytes             : 322358
Out IP6 pkts             : 0          Out IP6 bytes            : 0

Tags: Ssl

Leave a Comment

Translate »
Google no longer supports Google Images API and this plugin can't work.

You can try to use other plugins with the same feature:
WP Picasa Box - http://codecanyon.net/item/wp-picasa-box/16099962
WP Pixabay Search And Insert - http://wpclever.net/downloads/wordpress-pixabay-search-and-insert