Creating an SSL VPN

Problem

You want to create an SSL VPN using Cisco’s WebVPN services on an IOS router.

Solution

You can configure a simple SSL VPN on a router, essentially constructing an HTTPS portal that includes simple port forwarding:

Core#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Core(config)#hostname Core
Core(config)#ip domain-name oreilly.com
Core(config)#aaa new-model
Core(config)#aaa authentication login local_auth local
Core(config)#username ijbrown secret ianspassword
Core(config)#username kdooley secret kevinspassword
Core(config)#crypto pki trustpoint WEBVPN
Core(ca-trustpoint)#enrollment selfsigned
Core(ca-trustpoint)#rsakeypair WEBVPN 1024
Core(ca-trustpoint)#subject-name CN=WEBVPN OU=cookbooks O=oreilly
Core(ca-trustpoint)#exit
Core(config)#crypto pki enroll WEBVPN
The router has already generated a Self Signed Certificate for
trustpoint TP-self-signed-3299111097.
If you continue the existing trustpoint and Self Signed Certificate
will be deleted.

Do you want to continue generating a new Self Signed Certificate? [yes/no]:yes
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes

Router Self Signed Certificate successfully created

Core(config)#interface Loopback0
Core(config-if)#ip address 172.25.100.2 255.255.255.255
Core(config-if)#exit
Core(config)#webvpn enable gateway-addr 172.25.100.2
Core(config)#
Core(config)#
...
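As an added check that is not part of the recipe, the following Python script (standard library only) audits a constructed running-config modelled on the one above and flags the settings a reviewer would question: the 1024-bit RSA key behind the trustpoint, the self-signed enrollment, and any username line that uses password rather than secret. The recipe itself uses secret correctly; a password line is added to the sample only so the audit has something to flag, and the 2048-bit threshold is an assumed policy value.

```python
import re
from typing import List

# Constructed sample, modelled on the recipe above (not captured from a real
# router). Credentials are placeholders; the kdooley line deliberately uses
# 'password' instead of the recipe's 'secret' so the audit has something to flag.
SAMPLE_CONFIG = """\
hostname Core
ip domain-name oreilly.com
aaa new-model
aaa authentication login local_auth local
username ijbrown secret PLACEHOLDER
username kdooley password 0 PLACEHOLDER
crypto pki trustpoint WEBVPN
 enrollment selfsigned
 rsakeypair WEBVPN 1024
 subject-name CN=WEBVPN OU=cookbooks O=oreilly
interface Loopback0
 ip address 172.25.100.2 255.255.255.255
webvpn enable gateway-addr 172.25.100.2
"""

MIN_RSA_BITS = 2048  # assumed policy threshold; 1024-bit RSA is deprecated


def audit_webvpn_config(config: str) -> List[str]:
    """Scan an IOS running-config and return human-readable findings for the
    trustpoint, key size and credential settings that back a WebVPN portal."""
    findings = []
    trustpoint = "?"
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("crypto pki trustpoint "):
            trustpoint = line.split()[-1]  # remember which trustpoint we are in
        elif line.startswith("enrollment selfsigned"):
            findings.append(f"{trustpoint}: self-signed certificate; clients "
                            "cannot validate it unless the cert is pre-distributed")
        elif m := re.match(r"rsakeypair\s+(\S+)\s+(\d+)", line):
            bits = int(m.group(2))
            if bits < MIN_RSA_BITS:
                findings.append(f"{trustpoint}: RSA key {m.group(1)} is {bits} bits "
                                f"(< {MIN_RSA_BITS})")
        elif m := re.match(r"username\s+(\S+)\s+password\b", line):
            findings.append(f"user {m.group(1)}: 'password' stores a reversible "
                            "credential; use 'secret'")
    return findings


if __name__ == "__main__":
    for finding in audit_webvpn_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```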
