Cisco WebVPN URL getting time out errors

Status
Not open for further replies.

sahajesh

Technical User
Apr 7, 2006
GB
Hi,

I've been trying to set up WebVPN on my Cisco router, having followed the wizard to do this but the problem I get is that the URL I am using keeps getting timeout errors.

Looking at the Feature Availability section 'Home' screen of SDM, this does not indicate that the VPN facility is in use (the green circle does not have a tick in it!).

I've checked and re-checked the config but can't see anything wrong and can confirm that the WebVPN context (ssl) and gateway (gateway_1) are both in service.

I've posted my config below (having removed passwords, IPs etc) and would really appreciate an expert's view on this - it's driving me crazy!!

!This is the running config of the router: myrouter
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SPCR01
!
boot-start-marker
boot-end-marker
!
logging buffered 419600 debugging
enable secret 5 xyzabc123
enable password xyzabc123
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
!
ip cef
!
!
ip domain name mydomain
ip name-server 192.168.15.11
!
!
voice-card 0
no dspfarm
!
!
crypto pki trustpoint TP-self-signed-1440344723
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1440344723
revocation-check none
rsakeypair TP-self-signed-1440344723
!
!
crypto pki certificate chain TP-self-signed-1440344723
certificate self-signed 01
quit
username myusername privilege 15 secret 5 mypassword
!
!
interface FastEthernet0/0
description Internal LAN$ETH-LAN$
ip address 192.168.15.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1452
duplex full
speed auto
hold-queue 100 out
!
interface FastEthernet0/1
no ip address
no ip route-cache cef
no ip route-cache
duplex full
speed auto
!
interface ATM0/0/0
description ==>ADSL
no ip address
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
description ==>Evo DSL
no ip route-cache
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
description Evo DSL
ip address negotiated
ip mtu 1492
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname myhostname
ppp chap password 0 mypassword
ppp ipcp dns request
!
ip local pool 172.1.1.x 172.1.1.2 172.1.1.10
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
ip flow-top-talkers
top 20
sort-by packets
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.15.10 25 2.3.4.5 25 extendable
ip nat inside source static tcp 192.168.15.10 80 2.3.4.5 80 extendable
ip nat inside source static tcp 192.168.15.10 110 2.3.4.5 80 110 extendable
ip nat inside source static tcp 192.168.15.10 143 2.3.4.5 80 143 extendable
ip nat inside source static tcp 192.168.15.10 443 2.3.4.5 80 443 extendable
!
no logging trap
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.15.0 0.0.0.255
!
!
control-plane
!
!
!
!
^C
!
line con 0
speed 115200
line aux 0
line vty 0 4
password mypassword
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17180084
ntp update-calendar
ntp server 17.72.133.42 source Dialer0 prefer
!
webvpn gateway gateway_1
hostname ssl
ip address 2.3.4.4 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-1440344723
inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn install csd flash:/webvpn/sdesktop.pkg
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
webvpn context ssl
title-color #CCCC66
secondary-color white
text-color black
ssl authenticate verify all
!
url-list "applications"
heading "Apps"
url-text "Outlook" url-value " !
nbns-list WINS
nbns-server 192.168.15.11 master
!
port-forward "PortForward"
local-port 3000 remote-server "192.168.15.1" remote-port 23 description "Telnet ==> Router"
!
policy group policy_1
url-list "applications"
port-forward "PortForward"
nbns-list "WINS"
functions file-access
functions file-browse
functions file-entry
functions svc-enabled
hide-url-bar
svc address-pool "172.1.1.x"
svc default-domain "myinternetdomain"
svc split dns "myinternaldomain"
svc split include 192.168.15.0 255.255.255.0
svc split include 192.168.1.0 255.255.255.0
svc dns-server primary 192.168.15.11
svc wins-server primary 192.168.15.11
default-group-policy policy_1
aaa authentication list sdm_vpn_xauth_ml_3
gateway gateway_1 domain myinternetdomain
csd enable
inservice
!
!
end

Thanks,

Sahajesh.
 