
Connected to Dynamips VM "HQ" (ID 10, type c3725) - Console port

Press ENTER to get the prompt.


HQ#show ip rout
HQ#show ip route os
HQ#show ip route ospf
O 192.168.10.0/24 [110/74] via 192.168.1.2, 00:02:26, Serial0/1
O 192.168.20.0/24 [110/74] via 192.168.2.2, 00:02:06, Serial0/2
HQ#ping 192.168.10.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.100, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 12/36/60 ms
HQ#ping 192.168.20.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.100, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 16/36/56 ms
HQ#
HQ#
HQ#
HQ#
HQ#confi t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#! pat
HQ(config)#
HQ(config)#in
HQ(config)#interface se
HQ(config)#interface serial 0/0
HQ(config-if)#ip nat
HQ(config-if)#ip nat out
HQ(config-if)#ip nat outside
*Mar 1 00:10:10.395: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, chan
ged state to up
HQ(config-if)#exit
HQ(config)#in
HQ(config)#interface se
HQ(config)#interface serial 0/1
HQ(config-if)#ip nat
HQ(config-if)#ip nat in
HQ(config-if)#ip nat inside
HQ(config-if)#exit
HQ(config)#in
HQ(config)#interface se
HQ(config)#interface serial 0/2
HQ(config-if)#ip nat
HQ(config-if)#ip nat in
HQ(config-if)#ip nat inside
HQ(config-if)#exit
HQ(config)#
HQ(config)#exit
HQ#conf
*Mar 1 00:10:43.267: %SYS-5-CONFIG_I: Configured from console by console
HQ#confi t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#^Z
HQ#
*Mar 1 00:10:48.767: %SYS-5-CONFIG_I: Configured from console by console
HQ#confi t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#ip acc
HQ(config)#ip acces
HQ(config)#ip access-list ex
HQ(config)#ip access-list extended natacl
HQ(config)#ip access-list extended natacl
HQ(config-ext-nacl)#?
Ext Access List configuration commands:
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
dynamic Specify a DYNAMIC list of PERMITs or DENYs
evaluate Evaluate an access list
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
HQ(config-ext-nacl)#per
HQ(config-ext-nacl)#permit ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
pim Protocol Independent Multicast
tcp Transmission Control Protocol
udp User Datagram Protocol
HQ(config-ext-nacl)#permit ip
HQ(config-ext-nacl)#permit ip ?
A.B.C.D Source address
any Any source host
host A single source host
HQ(config-ext-nacl)#permit ip 192.168.0.0 0.0.255.255 ?
A.B.C.D Destination address
any Any destination host
host A single destination host
HQ(config-ext-nacl)#permit ip 192.168.0.0 0.0.255.255 any
HQ(config-ext-nacl)#permit ip 192.168.0.0 0.0.255.255 any
HQ(config-ext-nacl)#exit
HQ(config)#ip nat
HQ(config)#ip nat in
HQ(config)#ip nat inside so
HQ(config)#ip nat inside source st
HQ(config)#ip nat inside source static natacl
HQ(config)#ip nat inside source static natacl ?
% Unrecognized command
HQ(config)#ip nat inside source static ?
A.B.C.D Inside local IP address
esp IPSec-ESP (Tunnel mode) support
network Subnet translation
tcp Transmission Control Protocol
udp User Datagram Protocol
HQ(config)#ip nat inside source ?
list Specify access list describing local addresses
route-map Specify route-map
static Specify static local->global mapping
HQ(config)#ip nat inside source li
HQ(config)#ip nat inside source list natacl in
HQ(config)#ip nat inside source list natacl interface se
HQ(config)#ip nat inside source list natacl interface serial 0/0 over
HQ(config)#ip nat inside source list natacl interface serial 0/0 overload
HQ(config)#do shwo hi
HQ(config)#do show hi
HQ(config)#do show history
HQ(config)#do show history
int s0/1
ip ospf 100 area 0
int s0/2
ip ospf 100 area 0
exit
! pat
interface serial 0/0
ip nat outside
exit
interface serial 0/1
ip nat inside
exit
interface serial 0/2
ip nat inside
exit
ip access-list extended natacl
permit ip 192.168.0.0 0.0.255.255 any
exit
ip nat inside source list natacl interface serial 0/0 overload
do show history
HQ(config)# ! SSL THIN CCLIENT
HQ(config)#
HQ(config)#
HQ(config)#ip cef
HQ(config)#web vp
HQ(config)#web vpn
HQ(config)#web vpn cef
^
% Invalid input detected at '^' marker.
HQ(config)#web vp
HQ(config)#webv
HQ(config)#webvpn c
HQ(config)#webvpn ce
HQ(config)#webvpn cef
HQ(config)#
HQ(config)#
HQ(config)#we
HQ(config)#webvpn g
HQ(config)#webvpn gateway g1
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
HQ(config-webvpn-gateway)#
*Mar 1 00:14:46.311: %SSH-5-ENABLED: SSH 1.99 has been enabled
HQ(config-webvpn-gateway)#
*Mar 1 00:14:46.535: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "wri
te memory" to save new certificate
HQ(config-webvpn-gateway)#do write
Building configuration...
[OK]
HQ(config-webvpn-gateway)#ip ad
HQ(config-webvpn-gateway)#ip address 101.1.1.100 por
HQ(config-webvpn-gateway)#ip address 101.1.1.100 port 443
HQ(config-webvpn-gateway)#htt
HQ(config-webvpn-gateway)#http-redirect por
HQ(config-webvpn-gateway)#http-redirect port 80
HQ(config-webvpn-gateway)#in
HQ(config-webvpn-gateway)#inservice
HQ(config-webvpn-gateway)#exit
HQ(config)#
HQ(config)#
HQ(config)#
HQ(config)#
HQ(config)#we
HQ(config)#webvpn co
HQ(config)#webvpn context ccc
HQ(config-webvpn-context)#por
HQ(config-webvpn-context)#port-forward p_list
HQ(config-webvpn-port-fwd)#lo
HQ(config-webvpn-port-fwd)#local-port 2222 re
HQ(config-webvpn-port-fwd)#$2222 remote-server 192.168.10.100 22 des
HQ(config-webvpn-port-fwd)#$2222 remote-server 192.168.10.100 22 des
HQ(config-webvpn-port-fwd)#$2222 remote-server 192.168.10.100 22 des
HQ(config-webvpn-port-fwd)#$2222 remote-server 192.168.10.100 22 des
HQ(config-webvpn-port-fwd)#$2222 remote-server 192.168.10.100 22 des
HQ(config-webvpn-port-fwd)#$2222 remote-server 192.168.10.100 22 des
HQ(config-webvpn-port-fwd)#$2222 remote-server 192.168.10.100 re
HQ(config-webvpn-port-fwd)#$e-server 192.168.10.100 remote-port 22 des
HQ(config-webvpn-port-fwd)#$92.168.10.100 remote-port 22 description SSH
HQ(config-webvpn-port-fwd)#lo
HQ(config-webvpn-port-fwd)#local-port 2323 re
HQ(config-webvpn-port-fwd)#local-port 2323 remote-server 192.168.10.100 re
HQ(config-webvpn-port-fwd)#$e-server 192.168.10.100 remote-port 23 des
HQ(config-webvpn-port-fwd)#$92.168.10.100 remote-port 23 description TELNET
HQ(config-webvpn-port-fwd)#LO
HQ(config-webvpn-port-fwd)#loca
HQ(config-webvpn-port-fwd)#local-port 8080 re
HQ(config-webvpn-port-fwd)#local-port 8080 remote-server 192.168.10.100 re
HQ(config-webvpn-port-fwd)#$e-server 192.168.10.100 remote-port 80 des
HQ(config-webvpn-port-fwd)#$92.168.10.100 remote-port 80 description HTTP
HQ(config-webvpn-port-fwd)#loc
HQ(config-webvpn-port-fwd)#local-port 8181 re
HQ(config-webvpn-port-fwd)#local-port 8181 remote-server 192.168.10.100 re
HQ(config-webvpn-port-fwd)#$e-server 192.168.10.100 remote-port 443 des
HQ(config-webvpn-port-fwd)#$92.168.10.100 remote-port 443 description HTTPS
HQ(config-webvpn-port-fwd)#do show hi
HQ(config-webvpn-port-fwd)#do show hi
exit
ip nat inside source list natacl interface serial 0/0 overload
do show history
! SSL THIN CCLIENT
ip cef
web vpn cef
webvpn cef
webvpn gateway g1
do write
ip address 101.1.1.100 port 443
http-redirect port 80
inservice
exit
webvpn context ccc
port-forward p_list
local-port 2222 remote-server 192.168.10.100 remote-port 22 description SSH
local-port 2323 remote-server 192.168.10.100 remote-port 23 description TELNET
local-port 8080 remote-server 192.168.10.100 remote-port 80 description HTTP
local-port 8181 remote-server 192.168.10.100 remote-port 443 description HTTPS
do show hi
HQ(config-webvpn-port-fwd)#lo
HQ(config-webvpn-port-fwd)#local-port 9022 re
HQ(config-webvpn-port-fwd)#local-port 9022 remote-server 192.168.20.100 re
HQ(config-webvpn-port-fwd)#$e-server 192.168.20.100 remote-port 22 des
HQ(config-webvpn-port-fwd)#$92.168.20.100 remote-port 22 description SSH
HQ(config-webvpn-port-fwd)#LOCA
HQ(config-webvpn-port-fwd)#LOloca
HQ(config-webvpn-port-fwd)#loca
HQ(config-webvpn-port-fwd)#local-port 8233 re
HQ(config-webvpn-port-fwd)#local-port 8233 remote-server 192.168.20.100 re
HQ(config-webvpn-port-fwd)#$e-server 192.168.20.100 remote-port 23 des
HQ(config-webvpn-port-fwd)#$92.168.20.100 remote-port 23 description TELNET
HQ(config-webvpn-port-fwd)#LOCA
HQ(config-webvpn-port-fwd)#loca
HQ(config-webvpn-port-fwd)#local-port 9080 re
HQ(config-webvpn-port-fwd)#local-port 9080 remote-server 192.168.20.100 re
HQ(config-webvpn-port-fwd)#$te-server 192.168.20.100 remote-port 80 des
HQ(config-webvpn-port-fwd)#$192.168.20.100 remote-port 80 description HTTP
HQ(config-webvpn-port-fwd)#LO
HQ(config-webvpn-port-fwd)#loc
HQ(config-webvpn-port-fwd)#local-port 9443 re
HQ(config-webvpn-port-fwd)#local-port 9443 remote-server 192.168.20.100 re
HQ(config-webvpn-port-fwd)#$e-server 192.168.20.100 remote-port 443 des
HQ(config-webvpn-port-fwd)#$92.168.20.100 remote-port 443 description HTTPS
HQ(config-webvpn-port-fwd)#DO SHOW HI
HQ(config-webvpn-port-fwd)#DO SHOW HI
web vpn cef
webvpn cef
webvpn gateway g1
do write
ip address 101.1.1.100 port 443
http-redirect port 80
inservice
exit
webvpn context ccc
port-forward p_list
local-port 2222 remote-server 192.168.10.100 remote-port 22 description SSH
local-port 2323 remote-server 192.168.10.100 remote-port 23 description TELNET
local-port 8080 remote-server 192.168.10.100 remote-port 80 description HTTP
local-port 8181 remote-server 192.168.10.100 remote-port 443 description HTTPS
do show hi
local-port 9022 remote-server 192.168.20.100 remote-port 22 description SSH
local-port 8233 remote-server 192.168.20.100 remote-port 23 description TELNET
local-port 9080 remote-server 192.168.20.100 remote-port 80 description HTTP
local-port 9443 remote-server 192.168.20.100 remote-port 443 description HTTPS
DO SHOW HI
HQ(config-webvpn-port-fwd)#exit
HQ(config-webvpn-context)#poli
HQ(config-webvpn-context)#policy gr
HQ(config-webvpn-context)#policy group ppp
HQ(config-webvpn-group)#por
HQ(config-webvpn-group)#port-forward P-list
Error: port-forward "P-list" is not configured
HQ(config-webvpn-group)#por
HQ(config-webvpn-group)#port-forward p_list
HQ(config-webvpn-group)#port-forward p_list
HQ(config-webvpn-group)#exit
HQ(config-webvpn-context)#gat
HQ(config-webvpn-context)#gateway g1
HQ(config-webvpn-context)#defa
HQ(config-webvpn-context)#default-group-policy ppp
HQ(config-webvpn-context)#in
HQ(config-webvpn-context)#inservice aaa
HQ(config-webvpn-context)#inservice aaa au
HQ(config-webvpn-context)#inservice aaa authen
HQ(config-webvpn-context)#inservice aaa autheni
HQ(config-webvpn-context)#inservice
HQ(config-webvpn-context)#aa
HQ(config-webvpn-context)#aaa authi
HQ(config-webvpn-context)#aaa authen
HQ(config-webvpn-context)#aaa authentication li
HQ(config-webvpn-context)#aaa authentication list de
HQ(config-webvpn-context)#aaa authentication list default
AAA list default is not defined, default list will be used
HQ(config-webvpn-context)#exit
HQ(config)#
HQ(config)#show run
HQ(config)#exit
HQ#show run
HQ#show running-config
*Mar 1 00:25:29.367: %SYS-5-CONFIG_I: Configured from console by console
HQ#show running-config | sec web
HQ#show running-config | sec web
webvpn gateway g1
ip address 101.1.1.100 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-4279256517
inservice
!
webvpn context ccc
ssl authenticate verify all
!
!
port-forward "p_list"
local-port 2222 remote-server "192.168.10.100" remote-port 22 description "SS
H"
local-port 2323 remote-server "192.168.10.100" remote-port 23 description "TE
LNET"
local-port 8080 remote-server "192.168.10.100" remote-port 80 description "HT
TP"
local-port 8181 remote-server "192.168.10.100" remote-port 443 description "H
TTPS"
local-port 9022 remote-server "192.168.20.100" remote-port 22 description "SS
H"
local-port 8233 remote-server "192.168.20.100" remote-port 23 description "TE
LNET"
local-port 9080 remote-server "192.168.20.100" remote-port 80 description "HT
TP"
local-port 9443 remote-server "192.168.20.100" remote-port 443 description "H
TTPS"
!
policy group ppp
port-forward "p_list"
default-group-policy ppp
gateway g1
inservice
HQ#
HQ#confm t
^
% Invalid input detected at '^' marker.
HQ#confi t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#user
HQ(config)#username madhu
HQ(config)#username madhu privi
HQ(config)#username madhu privilege 15 pass
HQ(config)#username madhu privilege 15 sec
HQ(config)#username madhu privilege 15 secret latha
HQ(config)#aa
HQ(config)#aaa
HQ(config)#aaa ne
HQ(config)#aaa new-model
HQ(config)#aa
HQ(config)#aaa
HQ(config)#aaa auth
HQ(config)#aaa authi
HQ(config)#aaa au
HQ(config)#aaa authenti
HQ(config)#aaa authentication log
HQ(config)#aaa authentication login ssl local
HQ(config)#werb
HQ(config)#we
HQ(config)#webvpn con
HQ(config)#webvpn context ccc
HQ(config-webvpn-context)#aaa authe
HQ(config-webvpn-context)#aaa authentication li
HQ(config-webvpn-context)#aaa authentication list ssl
HQ(config-webvpn-context)#^Z
HQ#
*Mar 1 00:30:39.987: %SYS-5-CONFIG_I: Configured from console by console
HQ#sho ru
HQ#sh ru
HQ#sh run
HQ#sh running-config | sec webvpn
webvpn gateway g1
ip address 101.1.1.100 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-4279256517
inservice
!
webvpn context ccc
ssl authenticate verify all
!
!
port-forward "p_list"
local-port 2222 remote-server "192.168.10.100" remote-port 22 description "SS
H"
local-port 2323 remote-server "192.168.10.100" remote-port 23 description "TE
LNET"
local-port 8080 remote-server "192.168.10.100" remote-port 80 description "HT
TP"
local-port 8181 remote-server "192.168.10.100" remote-port 443 description "H
TTPS"
local-port 9022 remote-server "192.168.20.100" remote-port 22 description "SS
H"
local-port 8233 remote-server "192.168.20.100" remote-port 23 description "TE
LNET"
local-port 9080 remote-server "192.168.20.100" remote-port 80 description "HT
TP"
local-port 9443 remote-server "192.168.20.100" remote-port 443 description "H
TTPS"
!
policy group ppp
port-forward "p_list"
default-group-policy ppp
aaa authentication list ssl
gateway g1
inservice
HQ#wr
Building configuration...
[OK]
HQ#
HQ#
HQ#confi t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#
HQ(config)#we
HQ(config)#webvpn c
HQ(config)#webvpn con
HQ(config)#webvpn context ccc
HQ(config-webvpn-context)#poli
HQ(config-webvpn-context)#policy gr
HQ(config-webvpn-context)#policy group ppp
HQ(config-webvpn-group)#ba
HQ(config-webvpn-group)#banner welcome_in_the_world_ssl_thin client_vpn
HQ(config)#^Z
HQ#
*Mar 1 00:56:02.691: %SYS-5-CONFIG_I: Configured from console by console
HQ#show run
HQ#show running-config | s web
webvpn gateway g1
ip address 101.1.1.100 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-4279256517
inservice
!
webvpn context ccc
ssl authenticate verify all
!
!
port-forward "p_list"
local-port 2222 remote-server "192.168.10.100" remote-port 22 description "SS
H"
local-port 2323 remote-server "192.168.10.100" remote-port 23 description "TE
LNET"
local-port 8080 remote-server "192.168.10.100" remote-port 80 description "HT
TP"
local-port 8181 remote-server "192.168.10.100" remote-port 443 description "H
TTPS"
local-port 9022 remote-server "192.168.20.100" remote-port 22 description "SS
H"
local-port 8233 remote-server "192.168.20.100" remote-port 23 description "TE
LNET"
local-port 9080 remote-server "192.168.20.100" remote-port 80 description "HT
TP"
local-port 9443 remote-server "192.168.20.100" remote-port 443 description "H
TTPS"
!
policy group ppp
port-forward "p_list"
default-group-policy ppp
aaa authentication list ssl
gateway g1
inservice
HQ#confi t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#we
HQ(config)#webvpn co
HQ(config)#webvpn context ccc
HQ(config-webvpn-context)#po
HQ(config-webvpn-context)#po
HQ(config-webvpn-context)#poli
HQ(config-webvpn-context)#policy gr
HQ(config-webvpn-context)#?
SSLVPN Submode commands:
aaa AAA config for context
acl ACL configuration submode
cifs-url-list CIFS URL list configuration submode
color Color for the browser
csd Cisco Secure Desktop config
default-group-policy Default group policy
exit Exit from SSLVPN mode
gateway Associate gateway to context
inservice Bring context to inservice
logging Error and event logging config
login-message Login messsage to be displayed
login-photo Login Photo file to be displayed
logo Logo file to be displayed
max-users Maximum users for this context
nbns-list NBNS list configuration submode
no Negate or set default values of a command
policy Policy configuration
port-forward Port-forward list config submode
secondary-color Secondary color for the browser
secondary-text-color Secondary text color for the browser
ssl SSL configurations for backend server connections
sso-server SSO Server configuration submode
text-color Text color for the browser
time-range Define time range entries
title Title to be displayed on the browser
title-color Title color for the browser
url-list URL list configuration submode
user-profile user profile
vrf-name VRF associated to context
HQ(config-webvpn-context)#poli
HQ(config-webvpn-context)#policy gr
HQ(config-webvpn-context)#policy group ppp
HQ(config-webvpn-group)#hi
HQ(config-webvpn-group)#hide-url-bar
HQ(config-webvpn-group)#exit
HQ(config-webvpn-context)#exit
HQ(config)#^Z
HQ#
*Mar 1 00:57:35.615: %SYS-5-CONFIG_I: Configured from console by console
HQ#
HQ#
HQ#
HQ#
HQ#confi t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#werb
HQ(config)#we
HQ(config)#webvpn co
HQ(config)#webvpn context ccc
HQ(config-webvpn-context)#ur
HQ(config-webvpn-context)#url-list u_list
HQ(config-webvpn-url)#u
HQ(config-webvpn-url)#url-text admin ur
HQ(config-webvpn-url)#url-text admin url-value http://192.168.10.100
HQ(config-webvpn-url)#ur
HQ(config-webvpn-url)#url-text mgmt ur
HQ(config-webvpn-url)#url-text mgmt url-value http://192.168.20.100
HQ(config-webvpn-url)#exit
HQ(config-webvpn-context)#po
HQ(config-webvpn-context)#poli
HQ(config-webvpn-context)#policy gr
HQ(config-webvpn-context)#policy group ppp
HQ(config-webvpn-group)#ur
HQ(config-webvpn-group)#url-list u_list
HQ(config-webvpn-group)#fu
HQ(config-webvpn-group)#functions fi
HQ(config-webvpn-group)#functions file-ac
HQ(config-webvpn-group)#functions file-access
HQ(config-webvpn-group)#fru
HQ(config-webvpn-group)#fun
HQ(config-webvpn-group)#functions fi
HQ(config-webvpn-group)#functions file-b
HQ(config-webvpn-group)#functions file-browse
HQ(config-webvpn-group)#fun
HQ(config-webvpn-group)#functions fi
HQ(config-webvpn-group)#functions file-en
HQ(config-webvpn-group)#functions file-entry
HQ(config-webvpn-group)#hi
HQ(config-webvpn-group)#hide-url-bar
HQ(config-webvpn-group)#exit
HQ(config-webvpn-context)#^Z
HQ#
*Mar 1 01:00:48.463: %SYS-5-CONFIG_I: Configured from console by console
HQ#show run
HQ#show running-config | s we
webvpn gateway g1
ip address 101.1.1.100 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-4279256517
inservice
!
webvpn context ccc
ssl authenticate verify all
!
url-list "u_list"
url-text "admin" url-value "http://192.168.10.100"
url-text "mgmt" url-value "http://192.168.20.100"
!
!
port-forward "p_list"
local-port 2222 remote-server "192.168.10.100" remote-port 22 description "SS
H"
local-port 2323 remote-server "192.168.10.100" remote-port 23 description "TE
LNET"
local-port 8080 remote-server "192.168.10.100" remote-port 80 description "HT
TP"
local-port 8181 remote-server "192.168.10.100" remote-port 443 description "H
TTPS"
local-port 9022 remote-server "192.168.20.100" remote-port 22 description "SS
H"
local-port 8233 remote-server "192.168.20.100" remote-port 23 description "TE
LNET"
local-port 9080 remote-server "192.168.20.100" remote-port 80 description "HT
TP"
local-port 9443 remote-server "192.168.20.100" remote-port 443 description "H
TTPS"
!
policy group ppp
url-list "u_list"
port-forward "p_list"
functions file-access
functions file-browse
functions file-entry
hide-url-bar
default-group-policy ppp
aaa authentication list ssl
gateway g1
inservice
HQ#confi t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#wr
HQ(config)#we
HQ(config)#webvpn co
HQ(config)#webvpn context ccc
HQ(config-webvpn-context)#aaa au
HQ(config-webvpn-context)#aaa authentication do
HQ(config-webvpn-context)#aaa authentication domain @ccc
HQ(config-webvpn-context)#^Z
HQ#we
*Mar 1 01:05:17.223: %SYS-5-CONFIG_I: Configured from console by console
HQ#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HQ(config)#usr
HQ(config)#us
HQ(config)#username test@ccc pass
HQ(config)#username test@ccc password madhu
HQ(config)#end
HQ#
HQ#wr
Building configuration...
[OK]
HQ#
*Mar 1 01:06:28.627: %SYS-5-CONFIG_I: Configured from console by console
HQ#
HQ#
HQ#show run
HQ#show running-config | sec webvpn
webvpn gateway g1
ip address 101.1.1.100 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-4279256517
inservice
!
webvpn context ccc
ssl authenticate verify all
!
url-list "u_list"
url-text "admin" url-value "http://192.168.10.100"
url-text "mgmt" url-value "http://192.168.20.100"
!
!
port-forward "p_list"
local-port 2222 remote-server "192.168.10.100" remote-port 22 description "SS
H"
local-port 2323 remote-server "192.168.10.100" remote-port 23 description "TE
LNET"
local-port 8080 remote-server "192.168.10.100" remote-port 80 description "HT
TP"
local-port 8181 remote-server "192.168.10.100" remote-port 443 description "H
TTPS"
local-port 9022 remote-server "192.168.20.100" remote-port 22 description "SS
H"
local-port 8233 remote-server "192.168.20.100" remote-port 23 description "TE
LNET"
local-port 9080 remote-server "192.168.20.100" remote-port 80 description "HT
TP"
local-port 9443 remote-server "192.168.20.100" remote-port 443 description "H
TTPS"
!
policy group ppp
url-list "u_list"
port-forward "p_list"
functions file-access
functions file-browse
functions file-entry
hide-url-bar
default-group-policy ppp
aaa authentication list ssl
aaa authentication domain @ccc
gateway g1
inservice
HQ#
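
Added example (not part of the original session log): a Python check over the `webvpn` section and `username` lines from the session above. It flags port-forward entries and bookmarks that carry cleartext protocols past the gateway, and local users stored with `password` rather than `secret`. The sample text is constructed from the session's output with credentials replaced by placeholders; the function names and finding labels are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the session's final
# `show running-config | sec webvpn` output and its two `username` commands.
# Credentials are placeholders; two entries are wrapped as an 80-column
# console prints them.
SAMPLE = '''\
username madhu privilege 15 secret <placeholder>
username test@ccc password <placeholder>
webvpn context ccc
 url-list "u_list"
   url-text "admin" url-value "http://192.168.10.100"
   url-text "mgmt" url-value "http://192.168.20.100"
 port-forward "p_list"
   local-port 2222 remote-server "192.168.10.100" remote-port 22 description "SS
H"
   local-port 2323 remote-server "192.168.10.100" remote-port 23 description "TE
LNET"
   local-port 8080 remote-server "192.168.10.100" remote-port 80 description "HTTP"
   local-port 8181 remote-server "192.168.10.100" remote-port 443 description "HTTPS"
 aaa authentication list ssl
'''

# Remote ports whose protocol is unencrypted between gateway and server.
CLEARTEXT_PORTS = {23: "Telnet", 80: "HTTP"}

PF_RE = re.compile(r'local-port (\d+) remote-server "?([^"\s]+)"? remote-port (\d+)')
URL_RE = re.compile(r'url-text "?([^"]+?)"? url-value "?(http://[^"\s]+)"?')
USER_RE = re.compile(r'username (\S+)(?: privilege \d+)? password\b')


def unwrap(text):
    """Rejoin lines that the console wrapped inside a quoted string."""
    out, pending = [], ""
    for line in text.splitlines():
        pending = pending + line if pending else line.strip()
        if pending.count('"') % 2:  # odd quote count: the string continues
            continue
        out.append(pending)
        pending = ""
    if pending:
        out.append(pending)
    return out


def audit(text):
    """Return (kind, target, detail) tuples for the weak settings found."""
    findings = []
    for line in unwrap(text):
        if m := PF_RE.match(line):
            local, server, remote = m.groups()
            proto = CLEARTEXT_PORTS.get(int(remote))
            if proto:
                findings.append(("cleartext-forward", f"{server}:{remote}",
                                 f"local-port {local} carries {proto}; TLS ends at the gateway"))
        elif m := URL_RE.match(line):
            findings.append(("cleartext-bookmark", m.group(2),
                             f'bookmark "{m.group(1)}": gateway fetches it over plain HTTP'))
        elif m := USER_RE.match(line):
            findings.append(("weak-credential-storage", m.group(1),
                             "stored with 'password' (type 0/7), not 'secret' (hashed)"))
    return findings


if __name__ == "__main__":
    for kind, target, detail in audit(SAMPLE):
        print(f"{kind:24} {target:24} {detail}")
```

The SSH (22) and HTTPS (443) forwards produce no finding because those protocols stay encrypted on the gateway-to-server leg.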