- https://supportforums.cisco.com/discussion/11095971/slow-anyconnect-speeds-vs-vpn-client
- http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/svc.html#wp1059928
policy group vpn-group-test
svc keepalive 300
svc dpd-interval client 10
svc dpd-interval gateway 30
svc dtls
Generate RSA Keys
crypto key generate rsa label my-rsa-keys modulus 1024
crypto pki trustpoint my-trustpoint
enrollment selfsigned
subject-name CN=domain.com
rsakeypair my-rsa-keys
!
crypto pki enroll my-trustpoint
% Include the router serial number in the subject name? [yes/no]: yes
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes
Router Self Signed Certificate successfully created
router(config)# crypto pki trustpoint cacert.org
router(ca-trustpoint)# enrollment terminal pem
router(ca-trustpoint)# fqdn [FQDN.MYROUTER.ME]
router(ca-trustpoint)# subject-name C=[COUNTRY], ST=[STATE], O=[DOMAIN], OU=[MY ROLE], CN=[FQDN.MYROUTER.ME]/emailAddress=[MY EMAIL ADDRESS]
router(ca-trustpoint)# revocation-check none
router(ca-trustpoint)# rsakeypair [FQDN.MYROUTER.ME] 1024
Clean old RSA keys (without a label this removes every RSA key pair on the router, including the one used for SSH; add the key label to remove only that pair)
router(config)# crypto key zeroize rsa
Create RSA keys
router(config)# crypto key generate rsa general-keys label [FQDN.MYROUTER.ME] exportable modulus 1024
Import Root Certificate
router(config)# crypto pki authenticate cacert.org
Create CSR (certificate signing request)
router(config)# crypto pki enroll cacert.org
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Display Certificate Request to terminal? [yes/no]: yes
Import Signed Certificate
router(config)# crypto pki import cacert.org certificate
wr - save the running configuration (write memory)
Info
show crypto pki certificates
show crypto key mypubkey rsa
ldap attribute-map vpn
map type memberOf=CN=PHYSTER_WORKERS,CN=Users,DC=PHYSTER,DC=COM group-lock format dn-to-string
map type physicalDeliveryOfficeName user-vpn-group
map type sAMAccountName username
show webvpn gateway
show webvpn context
show webvpn install package svc
show webvpn install status svc
show webvpn policy group MYPOLICY context
show webvpn session context all
show webvpn stats detail context all
show route-map MYMAP
SSL VPN Clear Commands:
clear webvpn nbns - Clears the NBNS cache on an SSL VPN gateway.
clear webvpn session - Clears SSL VPN remote user sessions.
clear webvpn stats - Clears SSL VPN application and access counters.
SSL VPN Debug Commands:
debug webvpn [verbose] [aaa | acl | cifs | citrix [verbose] | cookie [verbose] | count | csd | data | dns | emweb [state] | entry context-name [source ip [network-mask] | user username] | http [authentication | trace | verbose] | package | sdps [level number] | sock [flow] | sso | timer | trie | tunnel [traffic acl-number | verbose] | url-disp | webservice [verbose]]
Example : debug webvpn
- http://www.reub.net/node/34
- http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801405ac.shtml
- http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/904-cisco-router-anyconnect-webvpn.html
- Cisco IOS SSL VPN Gateways and Contexts
- Cisco IOS SSL VPN AAA Authentication Domain
- Cisco IOS SSL VPN Policy Groups
- White Papers
- IOS SSL VPN Configuration Guide
- https://supportforums.cisco.com/docs/DOC-15786
- http://www.trainsignal.com/blog/cisco-anyconnect-vpn-cli
- http://teach-cisco.blogspot.cz/2011/04/configuring-anyconnect-webvpn-on-cisco.html
- LDAP
- http://www.cisco.com/en/US/tech/tk367/technologies_configuration_example09186a0080c0c519.shtml
- http://www.cisco.com/en/US/tech/tk367/technologies_configuration_example09186a0080becd1a.shtml
- http://ltlnetworker.wordpress.com/2010/11/09/ios-easyvpn-server-with-ldap-authentication